mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
This commit is contained in:
Vlad Grigorescu
parent
45d5080870
commit
e2ad93c543
6 changed files with 167 additions and 82 deletions
38
scripts/base/protocols/mysql/consts.bro
Normal file
38
scripts/base/protocols/mysql/consts.bro
Normal file
|
|
@ -0,0 +1,38 @@
|
|||
module MySQL;
|
||||
|
||||
export {
|
||||
const commands: table[count] of string = {
|
||||
[0] = "sleep",
|
||||
[1] = "quit",
|
||||
[2] = "init_db",
|
||||
[3] = "query",
|
||||
[4] = "field_list",
|
||||
[5] = "create_db",
|
||||
[6] = "drop_db",
|
||||
[7] = "refresh",
|
||||
[8] = "shutdown",
|
||||
[9] = "statistics",
|
||||
[10] = "process_info",
|
||||
[11] = "connect",
|
||||
[12] = "process_kill",
|
||||
[13] = "debug",
|
||||
[14] = "ping",
|
||||
[15] = "time",
|
||||
[16] = "delayed_insert",
|
||||
[17] = "change_user",
|
||||
[18] = "binlog_dump",
|
||||
[19] = "table_dump",
|
||||
[20] = "connect_out",
|
||||
[21] = "register_slave",
|
||||
[22] = "stmt_prepare",
|
||||
[23] = "stmt_execute",
|
||||
[24] = "stmt_send_long_data",
|
||||
[25] = "stmt_close",
|
||||
[26] = "stmt_reset",
|
||||
[27] = "set_option",
|
||||
[28] = "stmt_fetch",
|
||||
[29] = "daemon",
|
||||
[30] = "binlog_dump_gtid",
|
||||
[31] = "reset_connection",
|
||||
} &default=function(i: count): string { return fmt("unknown-%d", i); };
|
||||
}
|
||||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
module MySQL;
|
||||
|
||||
@load ./consts
|
||||
|
||||
export {
|
||||
redef enum Log::ID += { mysql::LOG };
|
||||
|
||||
|
|
@ -33,48 +35,13 @@ redef record connection += {
|
|||
|
||||
const ports = { 1434/tcp, 3306/tcp };
|
||||
|
||||
const commands: table[count] of string = {
|
||||
[0] = "sleep",
|
||||
[1] = "quit",
|
||||
[2] = "init_db",
|
||||
[3] = "query",
|
||||
[4] = "field_list",
|
||||
[5] = "create_db",
|
||||
[6] = "drop_db",
|
||||
[7] = "refresh",
|
||||
[8] = "shutdown",
|
||||
[9] = "statistics",
|
||||
[10] = "process_info",
|
||||
[11] = "connect",
|
||||
[12] = "process_kill",
|
||||
[13] = "debug",
|
||||
[14] = "ping",
|
||||
[15] = "time",
|
||||
[16] = "delayed_insert",
|
||||
[17] = "change_user",
|
||||
[18] = "binlog_dump",
|
||||
[19] = "table_dump",
|
||||
[20] = "connect_out",
|
||||
[21] = "register_slave",
|
||||
[22] = "stmt_prepare",
|
||||
[23] = "stmt_execute",
|
||||
[24] = "stmt_send_long_data",
|
||||
[25] = "stmt_close",
|
||||
[26] = "stmt_reset",
|
||||
[27] = "set_option",
|
||||
[28] = "stmt_fetch",
|
||||
[29] = "daemon",
|
||||
[30] = "binlog_dump_gtid",
|
||||
[31] = "reset_connection",
|
||||
} &default=function(i: count): string { return fmt("unknown-%d", i); };
|
||||
|
||||
event bro_init() &priority=5
|
||||
{
|
||||
Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql]);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports);
|
||||
}
|
||||
|
||||
event mysql_handshake_response(c: connection, username: string)
|
||||
event mysql_handshake(c: connection, username: string)
|
||||
{
|
||||
if ( !c?$mysql )
|
||||
{
|
||||
|
|
@ -88,7 +55,7 @@ event mysql_handshake_response(c: connection, username: string)
|
|||
}
|
||||
}
|
||||
|
||||
event mysql_command_request(c: connection, command: count, arg: string)
|
||||
event mysql_command_request(c: connection, command: count, arg: string) &priority=5
|
||||
{
|
||||
if ( !c?$mysql )
|
||||
{
|
||||
|
|
@ -99,6 +66,13 @@ event mysql_command_request(c: connection, command: count, arg: string)
|
|||
info$cmd = commands[command];
|
||||
info$arg = sub(arg, /\0$/, "");
|
||||
c$mysql = info;
|
||||
}
|
||||
}
|
||||
|
||||
event mysql_command_request(c: connection, command: count, arg: string) &priority=-5
|
||||
{
|
||||
if ( !c?$mysql )
|
||||
{
|
||||
if ( command == 1 )
|
||||
{
|
||||
# We get no response for quits, so let's just log it now.
|
||||
|
|
@ -108,34 +82,37 @@ event mysql_command_request(c: connection, command: count, arg: string)
|
|||
}
|
||||
}
|
||||
|
||||
event mysql_command_response(c: connection, response: count)
|
||||
{
|
||||
if ( c?$mysql )
|
||||
{
|
||||
c$mysql$result = "ok";
|
||||
c$mysql$response = fmt("Affected rows: %d", response);
|
||||
Log::write(mysql::LOG, c$mysql);
|
||||
delete c$mysql;
|
||||
}
|
||||
}
|
||||
|
||||
event mysql_error(c: connection, code: count, msg: string)
|
||||
event mysql_error(c: connection, code: count, msg: string) &priority=5
|
||||
{
|
||||
if ( c?$mysql )
|
||||
{
|
||||
c$mysql$result = "error";
|
||||
c$mysql$response = msg;
|
||||
}
|
||||
}
|
||||
|
||||
event mysql_error(c: connection, code: count, msg: string) &priority=-5
|
||||
{
|
||||
if ( c?$mysql )
|
||||
{
|
||||
Log::write(mysql::LOG, c$mysql);
|
||||
delete c$mysql;
|
||||
}
|
||||
}
|
||||
|
||||
event mysql_ok(c: connection, affected_rows: count)
|
||||
event mysql_ok(c: connection, affected_rows: count) &priority=5
|
||||
{
|
||||
if ( c?$mysql )
|
||||
{
|
||||
c$mysql$result = "ok";
|
||||
c$mysql$response = fmt("Affected rows: %d", affected_rows);
|
||||
}
|
||||
}
|
||||
|
||||
event mysql_ok(c: connection, affected_rows: count) &priority=-5
|
||||
{
|
||||
if ( c?$mysql )
|
||||
{
|
||||
Log::write(mysql::LOG, c$mysql);
|
||||
delete c$mysql;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue