From 119ad59b70a9e07b627ee16e05b1817837054015 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu <grigorescu@gmail.com>
Date: Tue, 28 Oct 2014 16:56:11 -0600
Subject: [PATCH] Integrate MySQL with the software framework

---
 scripts/policy/protocols/mysql/software.bro | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 scripts/policy/protocols/mysql/software.bro

diff --git a/scripts/policy/protocols/mysql/software.bro b/scripts/policy/protocols/mysql/software.bro
new file mode 100644
index 0000000000..55e8f878bf
--- /dev/null
+++ b/scripts/policy/protocols/mysql/software.bro
@@ -0,0 +1,20 @@
+##! Software identification and extraction for MySQL traffic.
+
+@load base/frameworks/software
+
+module MySQL;
+
+export {
+	redef enum Software::Type += {
+		## Identifier for MySQL servers in the software framework.
+		SERVER,
+	};
+}
+
+event mysql_server_version(c: connection, ver: string)
+	{
+	if ( ver == "" )
+		return;
+	
+	Software::found(c$id, [$unparsed_version=ver, $host=c$id$resp_h, $software_type=SERVER]);
+	}
\ No newline at end of file