:tocdepth: 3 base/protocols/mysql/main.zeek ============================== .. zeek:namespace:: MySQL Implements base functionality for MySQL analysis. Generates the mysql.log file. :Namespace: MySQL :Imports: :doc:`base/protocols/conn/removal-hooks.zeek `, :doc:`base/protocols/mysql/consts.zeek ` Summary ~~~~~~~ Types ##### ============================================= = :zeek:type:`MySQL::Info`: :zeek:type:`record` ============================================= = Redefinitions ############# ============================================ ======================================================== :zeek:type:`Log::ID`: :zeek:type:`enum` * :zeek:enum:`mysql::LOG` :zeek:type:`connection`: :zeek:type:`record` :New Fields: :zeek:type:`connection` mysql: :zeek:type:`MySQL::Info` :zeek:attr:`&optional` ============================================ ======================================================== Events ###### =============================================== ===================================================================== :zeek:id:`MySQL::log_mysql`: :zeek:type:`event` Event that can be handled to access the MySQL record as it is sent on to the logging framework. =============================================== ===================================================================== Hooks ##### ================================================================ ======================== :zeek:id:`MySQL::finalize_mysql`: :zeek:type:`Conn::RemovalHook` MySQL finalization hook. :zeek:id:`MySQL::log_policy`: :zeek:type:`Log::PolicyHook` ================================================================ ======================== Detailed Interface ~~~~~~~~~~~~~~~~~~ Types ##### .. zeek:type:: MySQL::Info :source-code: base/protocols/mysql/main.zeek 13 30 :Type: :zeek:type:`record` .. zeek:field:: ts :zeek:type:`time` :zeek:attr:`&log` Timestamp for when the event happened. .. zeek:field:: uid :zeek:type:`string` :zeek:attr:`&log` Unique ID for the connection. .. zeek:field:: id :zeek:type:`conn_id` :zeek:attr:`&log` The connection's 4-tuple of endpoint addresses/ports. .. zeek:field:: cmd :zeek:type:`string` :zeek:attr:`&log` The command that was issued .. zeek:field:: arg :zeek:type:`string` :zeek:attr:`&log` The argument issued to the command .. zeek:field:: success :zeek:type:`bool` :zeek:attr:`&log` :zeek:attr:`&optional` Did the server tell us that the command succeeded? .. zeek:field:: rows :zeek:type:`count` :zeek:attr:`&log` :zeek:attr:`&optional` The number of affected rows, if any .. zeek:field:: response :zeek:type:`string` :zeek:attr:`&log` :zeek:attr:`&optional` Server message, if any Events ###### .. zeek:id:: MySQL::log_mysql :source-code: base/protocols/mysql/main.zeek 34 34 :Type: :zeek:type:`event` (rec: :zeek:type:`MySQL::Info`) Event that can be handled to access the MySQL record as it is sent on to the logging framework. Hooks ##### .. zeek:id:: MySQL::finalize_mysql :source-code: base/protocols/mysql/main.zeek 157 164 :Type: :zeek:type:`Conn::RemovalHook` MySQL finalization hook. Remaining MySQL info may get logged when it's called. .. zeek:id:: MySQL::log_policy :source-code: base/protocols/mysql/main.zeek 11 11 :Type: :zeek:type:`Log::PolicyHook`