:tocdepth: 3 base/protocols/mysql/main.zeek ============================== .. zeek:namespace:: MySQL Implements base functionality for MySQL analysis. Generates the mysql.log file. :Namespace: MySQL :Imports: :doc:`base/protocols/conn/removal-hooks.zeek `, :doc:`base/protocols/mysql/consts.zeek ` Summary ~~~~~~~ Redefinable Options ################### ============================================================= =========================== :zeek:id:`MySQL::ports`: :zeek:type:`set` :zeek:attr:`&redef` Well-known ports for MySQL. ============================================================= =========================== Types ##### ============================================= = :zeek:type:`MySQL::Info`: :zeek:type:`record` ============================================= = Redefinitions ############# ============================================ ======================================================== :zeek:type:`Log::ID`: :zeek:type:`enum` * :zeek:enum:`mysql::LOG` :zeek:type:`connection`: :zeek:type:`record` :New Fields: :zeek:type:`connection` mysql: :zeek:type:`MySQL::Info` :zeek:attr:`&optional` ============================================ ======================================================== Events ###### =============================================== ===================================================================== :zeek:id:`MySQL::log_mysql`: :zeek:type:`event` Event that can be handled to access the MySQL record as it is sent on to the logging framework. =============================================== ===================================================================== Hooks ##### ================================================================ ======================== :zeek:id:`MySQL::finalize_mysql`: :zeek:type:`Conn::RemovalHook` MySQL finalization hook. :zeek:id:`MySQL::log_policy`: :zeek:type:`Log::PolicyHook` ================================================================ ======================== Detailed Interface ~~~~~~~~~~~~~~~~~~ Redefinable Options ################### .. zeek:id:: MySQL::ports :source-code: base/protocols/mysql/main.zeek 12 12 :Type: :zeek:type:`set` [:zeek:type:`port`] :Attributes: :zeek:attr:`&redef` :Default: :: { 1434/tcp, 3306/tcp } Well-known ports for MySQL. Types ##### .. zeek:type:: MySQL::Info :source-code: base/protocols/mysql/main.zeek 16 33 :Type: :zeek:type:`record` .. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log` Timestamp for when the event happened. .. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log` Unique ID for the connection. .. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log` The connection's 4-tuple of endpoint addresses/ports. .. zeek:field:: cmd :zeek:type:`string` :zeek:attr:`&log` The command that was issued .. zeek:field:: arg :zeek:type:`string` :zeek:attr:`&log` The argument issued to the command .. zeek:field:: success :zeek:type:`bool` :zeek:attr:`&log` :zeek:attr:`&optional` Did the server tell us that the command succeeded? .. zeek:field:: rows :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` The number of affected rows, if any .. zeek:field:: response :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional` Server message, if any Events ###### .. zeek:id:: MySQL::log_mysql :source-code: base/protocols/mysql/main.zeek 37 37 :Type: :zeek:type:`event` (rec: :zeek:type:`MySQL::Info`) Event that can be handled to access the MySQL record as it is sent on to the logging framework. Hooks ##### .. zeek:id:: MySQL::finalize_mysql :source-code: base/protocols/mysql/main.zeek 158 165 :Type: :zeek:type:`Conn::RemovalHook` MySQL finalization hook. Remaining MySQL info may get logged when it's called. .. zeek:id:: MySQL::log_policy :source-code: base/protocols/mysql/main.zeek 14 14 :Type: :zeek:type:`Log::PolicyHook`