base/protocols/mysql/main.zeek

MySQL

Implements base functionality for MySQL analysis. Generates the mysql.log file.

Namespace:

MySQL

Imports:

base/protocols/conn/removal-hooks.zeek, base/protocols/mysql/consts.zeek

Summary

Redefinable Options

MySQL::ports: set &redef

Well-known ports for MySQL.

Types

MySQL::Info: record

Redefinitions

Log::ID: enum

connection: record
New Fields:

connection

mysql: MySQL::Info &optional

Events

MySQL::log_mysql: event

Event that can be handled to access the MySQL record as it is sent on to the logging framework.

Hooks

MySQL::finalize_mysql: Conn::RemovalHook

MySQL finalization hook.

MySQL::log_policy: Log::PolicyHook

Detailed Interface

Redefinable Options

MySQL::ports
Type:

set [port]

Attributes:

&redef

Default:
{
   1434/tcp,
   3306/tcp
}

Well-known ports for MySQL.

Types

MySQL::Info
Type:

record

Fields:
ts: time &log

Timestamp for when the event happened.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

cmd: string &log

The command that was issued

arg: string &log

The argument issued to the command

success: bool &log &optional

Did the server tell us that the command succeeded?

rows: count &log &optional

The number of affected rows, if any

response: string &log &optional

Server message, if any

Events

MySQL::log_mysql
Type:

event (rec: MySQL::Info)

Event that can be handled to access the MySQL record as it is sent on to the logging framework.

Hooks

MySQL::finalize_mysql
Type:

Conn::RemovalHook

MySQL finalization hook. Remaining MySQL info may get logged when it’s called.

MySQL::log_policy
Type:

Log::PolicyHook