base/bif/plugins/Zeek_MySQL.events.bif.zeek
- GLOBAL
- Namespace:
GLOBAL
Summary
Events
Generated for opaque authentication data exchanged between client and server after the client’s handshake packet, but before the server replied with an OK_Packet |
|
Generated for information about plugin authentication within handshake packets. |
|
Generated for a server packet with an auth switch request. |
|
Generated for a change user command from a MySQL client. |
|
Generated for a command request from a MySQL client. |
|
Generated for a MySQL EOF packet. |
|
Generated for an unsuccessful MySQL response. |
|
Generated for a client handshake response packet, which includes the username the client is attempting to connect as. |
|
Generated for a successful MySQL response. |
|
Generated for each MySQL ResultsetRow response packet. |
|
Generated for the initial server handshake packet, which includes the MySQL server version. |
|
Generated for a short client handshake response packet with the CLIENT_SSL flag set. |
Detailed Interface
Events
- mysql_auth_more_data
- Type:
event
(c:connection
, is_orig:bool
, data:string
)
Generated for opaque authentication data exchanged between client and server after the client’s handshake packet, but before the server replied with an OK_Packet
Data is specific to the plugin auth mechanism used by client and server.
- Parameters:
c – The connection.
is_orig – True if this is from the client, false if from the server.
data – More authentication data.
See also:
mysql_handshake
,mysql_auth_switch_request
- mysql_auth_plugin
- Type:
event
(c:connection
, is_orig:bool
, name:string
, data:string
)
Generated for information about plugin authentication within handshake packets.
- Parameters:
c – The connection.
is_orig – True if this is from the client, false if from the server.
name – Name of the authentication plugin.
data – The initial auth data. From the server, it is the concatenation of auth_plugin_data_part_1 and auth_plugin_data_part_2 in the handshake. For the client it is the auth_response in the handshake response.
See also:
mysql_handshake
,mysql_auth_switch_request
,mysql_auth_more_data
- mysql_auth_switch_request
- Type:
event
(c:connection
, name:string
, data:string
)
Generated for a server packet with an auth switch request.
- Parameters:
c – The connection.
name – The plugin name.
data – Initial authentication data for the plugin.
See also:
mysql_handshake
,mysql_auth_more_data
- mysql_change_user
- Type:
event
(c:connection
, username:string
)
Generated for a change user command from a MySQL client.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
username – The username supplied by the client
See also:
mysql_error
,mysql_ok
,mysql_server_version
,mysql_handshake
- mysql_command_request
- Type:
event
(c:connection
, command:count
, arg:string
)
Generated for a command request from a MySQL client.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
command – The numerical code of the command issued.
arg – The argument for the command (empty string if not provided).
See also:
mysql_error
,mysql_ok
,mysql_server_version
,mysql_handshake
- mysql_eof
- Type:
event
(c:connection
, is_intermediate:bool
)
Generated for a MySQL EOF packet.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
is_intermediate – True if this is an EOF packet between the column definition and the rows, false if a final EOF.
See also:
mysql_command_request
,mysql_error
,mysql_server_version
,mysql_handshake
- mysql_error
- Type:
event
(c:connection
, code:count
, msg:string
)
Generated for an unsuccessful MySQL response.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
code – The error code.
msg – Any extra details about the error (empty string if not provided).
See also:
mysql_command_request
,mysql_ok
,mysql_server_version
,mysql_handshake
- mysql_handshake
- Type:
event
(c:connection
, username:string
)
Generated for a client handshake response packet, which includes the username the client is attempting to connect as.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
username – The username supplied by the client
See also:
mysql_command_request
,mysql_error
,mysql_ok
,mysql_server_version
,mysql_ssl_request
- mysql_ok
- Type:
event
(c:connection
, affected_rows:count
)
Generated for a successful MySQL response.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
affected_rows – The number of rows that were affected.
See also:
mysql_command_request
,mysql_error
,mysql_server_version
,mysql_handshake
- mysql_result_row
- Type:
event
(c:connection
, row:string_vec
)
Generated for each MySQL ResultsetRow response packet.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
row – The result row data.
See also:
mysql_command_request
,mysql_error
,mysql_server_version
,mysql_handshake
,mysql_ok
- mysql_server_version
- Type:
event
(c:connection
, ver:string
)
Generated for the initial server handshake packet, which includes the MySQL server version.
See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
ver – The server version string.
See also:
mysql_command_request
,mysql_error
,mysql_ok
,mysql_handshake
- mysql_ssl_request
- Type:
event
(c:connection
)
Generated for a short client handshake response packet with the CLIENT_SSL flag set. Usually the client will initiate a TLS handshake afterwards. See the MySQL documentation for more information about the MySQL protocol.
- Parameters:
c – The connection.
See also:
mysql_handshake