base/bif/plugins/Zeek_MySQL.events.bif.zeek

GLOBAL
Namespace:

GLOBAL

Summary

Events

mysql_auth_more_data: event

Generated for opaque authentication data exchanged between client and server after the client’s handshake packet, but before the server replied with an OK_Packet

mysql_auth_plugin: event

Generated for information about plugin authentication within handshake packets.

mysql_auth_switch_request: event

Generated for a server packet with an auth switch request.

mysql_change_user: event

Generated for a change user command from a MySQL client.

mysql_command_request: event

Generated for a command request from a MySQL client.

mysql_eof: event

Generated for a MySQL EOF packet.

mysql_error: event

Generated for an unsuccessful MySQL response.

mysql_handshake: event

Generated for a client handshake response packet, which includes the username the client is attempting to connect as.

mysql_ok: event

Generated for a successful MySQL response.

mysql_result_row: event

Generated for each MySQL ResultsetRow response packet.

mysql_server_version: event

Generated for the initial server handshake packet, which includes the MySQL server version.

mysql_ssl_request: event

Generated for a short client handshake response packet with the CLIENT_SSL flag set.

Detailed Interface

Events

mysql_auth_more_data
Type:

event (c: connection, is_orig: bool, data: string)

Generated for opaque authentication data exchanged between client and server after the client’s handshake packet, but before the server replied with an OK_Packet

Data is specific to the plugin auth mechanism used by client and server.

Parameters:
  • c – The connection.

  • is_orig – True if this is from the client, false if from the server.

  • data – More authentication data.

See also: mysql_handshake, mysql_auth_switch_request

mysql_auth_plugin
Type:

event (c: connection, is_orig: bool, name: string, data: string)

Generated for information about plugin authentication within handshake packets.

Parameters:
  • c – The connection.

  • is_orig – True if this is from the client, false if from the server.

  • name – Name of the authentication plugin.

  • data – The initial auth data. From the server, it is the concatenation of auth_plugin_data_part_1 and auth_plugin_data_part_2 in the handshake. For the client it is the auth_response in the handshake response.

See also: mysql_handshake, mysql_auth_switch_request, mysql_auth_more_data

mysql_auth_switch_request
Type:

event (c: connection, name: string, data: string)

Generated for a server packet with an auth switch request.

Parameters:
  • c – The connection.

  • name – The plugin name.

  • data – Initial authentication data for the plugin.

See also: mysql_handshake, mysql_auth_more_data

mysql_change_user
Type:

event (c: connection, username: string)

Generated for a change user command from a MySQL client.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • username – The username supplied by the client

See also: mysql_error, mysql_ok, mysql_server_version, mysql_handshake

mysql_command_request
Type:

event (c: connection, command: count, arg: string)

Generated for a command request from a MySQL client.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • command – The numerical code of the command issued.

  • arg – The argument for the command (empty string if not provided).

See also: mysql_error, mysql_ok, mysql_server_version, mysql_handshake

mysql_eof
Type:

event (c: connection, is_intermediate: bool)

Generated for a MySQL EOF packet.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • is_intermediate – True if this is an EOF packet between the column definition and the rows, false if a final EOF.

See also: mysql_command_request, mysql_error, mysql_server_version, mysql_handshake

mysql_error
Type:

event (c: connection, code: count, msg: string)

Generated for an unsuccessful MySQL response.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • code – The error code.

  • msg – Any extra details about the error (empty string if not provided).

See also: mysql_command_request, mysql_ok, mysql_server_version, mysql_handshake

mysql_handshake
Type:

event (c: connection, username: string)

Generated for a client handshake response packet, which includes the username the client is attempting to connect as.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • username – The username supplied by the client

See also: mysql_command_request, mysql_error, mysql_ok, mysql_server_version, mysql_ssl_request

mysql_ok
Type:

event (c: connection, affected_rows: count)

Generated for a successful MySQL response.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • affected_rows – The number of rows that were affected.

See also: mysql_command_request, mysql_error, mysql_server_version, mysql_handshake

mysql_result_row
Type:

event (c: connection, row: string_vec)

Generated for each MySQL ResultsetRow response packet.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • row – The result row data.

See also: mysql_command_request, mysql_error, mysql_server_version, mysql_handshake, mysql_ok

mysql_server_version
Type:

event (c: connection, ver: string)

Generated for the initial server handshake packet, which includes the MySQL server version.

See the MySQL documentation for more information about the MySQL protocol.

Parameters:
  • c – The connection.

  • ver – The server version string.

See also: mysql_command_request, mysql_error, mysql_ok, mysql_handshake

mysql_ssl_request
Type:

event (c: connection)

Generated for a short client handshake response packet with the CLIENT_SSL flag set. Usually the client will initiate a TLS handshake afterwards. See the MySQL documentation for more information about the MySQL protocol.

Parameters:

c – The connection.

See also: mysql_handshake