
* MySQL: the parser for this was generally broken (not following the specification well) and needed many changes. One addition is a new "mysql_result_row" event that provides access to the results of queries. * SMB: the spec seems to explicitly call out the omission of the PrimaryDomain field on SMB_COM_SESSION_SETUP_ANDX responses (and I don't see that field in pcaps either), so this may have just been a typo that used to work fine in the past only due to faulty array parsing behavior in binpac.
# This tests a PCAP with a few MySQL commands from the Wireshark samples.
# @TEST-EXEC: bro -b -r $TRACES/mysql/mysql.trace %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff mysql.log
@load base/protocols/mysql
# Handler for mysql_ok: writes the affected_rows value carried by the event
# to stdout. The test redirects stdout into "out", which btest-diff then
# compares with the stored baseline, so the printed text must stay stable.
event mysql_ok(c: connection, affected_rows: count)
	{
	print "mysql ok", affected_rows;
	}
# Handler for mysql_result_row: prints the row vector delivered with the
# event, so each row seen in the trace ends up in the "out" baseline.
# NOTE(review): row presumably holds column values sent by the server in the
# capture; outside of a test, query results may contain sensitive data and
# should not be printed or logged wholesale - confirm before reusing this.
event mysql_result_row(c: connection, row: string_vec)
	{
	print "mysql result row", row;
	}
# Handler for mysql_error: prints the code and msg values carried by the
# event so that error responses in the trace are captured in "out".
# NOTE(review): msg presumably is text taken from the wire; it is emitted
# as-is here, which is fine for a baseline comparison - confirm.
event mysql_error(c: connection, code: count, msg: string)
	{
	print "mysql error", code, msg;
	}
# Handler for mysql_command_request: prints the command value and its arg
# string for every request event raised while replaying the trace.
# NOTE(review): arg presumably is the request payload (e.g. query text) as
# parsed from the capture, i.e. peer-controlled input; it is printed verbatim
# for the baseline diff. Scripts that reuse this pattern on live traffic
# should treat arg as untrusted and as potentially sensitive - confirm.
event mysql_command_request(c: connection, command: count, arg: string)
	{
	print "mysql request", command, arg;
	}