MySQL packet capture tool mysql-sniffer

Original address: https://github.com/Qihoo360/mysql-sniffer/blob/master/README_CN.md

 

1. Introduction

MySQL Sniffer is a packet capture tool based on the MySQL protocol. It captures requests on the MySQL server or client side in real time and prints them in a formatted form. The output includes the access time, the user, the source IP, the database accessed, the command execution time, the number of rows returned, and the executed statement. It supports capturing several ports at once, running in the background, and log splitting, which makes it convenient to operate and its output easy to read.

It can also capture requests on the Atlas side. Atlas is a data middle-tier project based on the MySQL protocol, open-sourced by Qihoo. The project address is: https://github.com/Qihoo360/Atlas

Similar tools include vc-mysql-sniffer and tshark, whose -e mysql.query parameter parses the MySQL protocol.

2. Use

It is recommended to compile and install it on CentOS 6.2 or later and to run it as root.

3. Installation

Install dependencies

yum -y install glib2-devel libpcap-devel libnet-devel cmake
yum -y install gcc gcc-c++

Software Installation

git clone https://github.com/Qihoo360/mysql-sniffer
cd mysql-sniffer
mkdir proj
cd proj
cmake ../
make
cd bin/

4. Examples

4.1 Capture one port in real time and print to the screen

The output format is: time, accessing user, source IP, database accessed, command duration, number of rows returned, and executed statement.

mysql-sniffer -i eth0 -p 3306
2017-02-23 14:47:45	 testuser	 10.xx.xx.xx	 NULL	          0ms	          1	 select @@version_comment limit 1
2017-02-23 14:47:45	 testuser	 10.xx.xx.xx	 NULL	          0ms	          1	 select USER()
2017-02-23 14:47:48	 testuser	 10.xx.xx.xx	 NULL	          0ms	         13	 show databases
2017-02-23 14:47:51	 testuser	 10.xx.xx.xx	 NULL	          0ms	          1	 SELECT DATABASE()
2017-02-23 14:47:51	 testuser	 10.xx.xx.xx	 mysql	          0ms	          0	 use mysql
2017-02-23 14:47:53	 testuser	 10.xx.xx.xx	 mysql	          0ms	         29	 show tables
2017-02-23 14:47:54	 testuser	 10.xx.xx.xx	 mysql	          0ms	          1	 select 1
2017-02-23 14:48:01	 testuser1	 10.xx.xx.xx	 NULL	          0ms	          0	 set autocommit=1
2017-02-23 14:48:01	 testuser1	 10.xx.xx.xx	 NULL	          0ms	          0	 set autocommit=1

4.2 Capture one port in real time and print to a file

-l specifies the log output path; the log file will be named port.log.

mysql-sniffer -i eth0 -p 3306 -l /tmp

4.3 Capture multiple ports in real time and print to files

-l specifies the log output path, and -p specifies a comma-separated list of ports to capture. Each log file is named after its own port, as port.log.

mysql-sniffer -i eth0 -p 3306,3307,3310 -l /tmp
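
The following is an added example, not part of the original README or the mysql-sniffer project: a small parser that turns the tab-separated records shown in 4.1 into an audit summary. It assumes the log files use the same layout as the screen output; the function names, the watch list and the sample lines are illustrative.

```python
from collections import Counter, namedtuple
from datetime import datetime

# Field order follows the output format listed in 4.1.
Query = namedtuple("Query", "time user src_ip database duration_ms rows statement")

def parse_line(line):
    """Parse one tab-separated mysql-sniffer line; return None if it is not a record."""
    parts = [p.strip() for p in line.rstrip("\n").split("\t", 6)]
    if len(parts) != 7:
        return None
    ts, user, ip, db, dur, rows, stmt = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if not dur.endswith("ms"):
            return None
        duration_ms, row_count = int(dur[:-2]), int(rows)
    except ValueError:
        return None
    # The sample output shows NULL until a database has been selected.
    return Query(when, user, ip, None if db == "NULL" else db, duration_ms, row_count, stmt)

def audit(lines, watched_dbs=frozenset({"mysql"})):
    """Count statements per (user, source IP); collect those run in a watched database (illustrative list)."""
    per_client, hits = Counter(), []
    for line in lines:
        q = parse_line(line)
        if q is None:
            continue  # banner, blank or truncated line
        per_client[(q.user, q.src_ip)] += 1
        if q.database in watched_dbs:
            hits.append(q)
    return per_client, hits

# Constructed sample modelled on the output in 4.1; 192.0.2.x are documentation addresses.
SAMPLE = [
    "2017-02-23 14:47:45\t testuser\t 192.0.2.10\t NULL\t          0ms\t          1\t select USER()",
    "2017-02-23 14:47:51\t testuser\t 192.0.2.10\t mysql\t          0ms\t          0\t use mysql",
    "2017-02-23 14:47:53\t testuser\t 192.0.2.10\t mysql\t          0ms\t         29\t show tables",
    "2017-02-23 14:48:01\t testuser1\t 192.0.2.11\t NULL\t          0ms\t          0\t set autocommit=1",
    "mysql-sniffer -i eth0 -p 3306",  # not a record, skipped
]

if __name__ == "__main__":
    counts, hits = audit(SAMPLE)
    for (user, ip), n in counts.most_common():
        print(f"{user}@{ip}: {n} statements")
    for q in hits:
        print(f"{q.time} {q.user}@{q.src_ip} in {q.database}: {q.statement}")
```

The captured statements can contain literal values from queries, so the log directory passed to -l should be readable only by the account that reviews it.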

5. Problems

  • In an LVS environment, if the client IP is stored in the TCP opt field at each connection stage, mysql-sniffer extracts the real client IP rather than the LVS IP.
  • Only newly created connections can be captured. For a connection that was created earlier, the user name and database name cannot be obtained, and there is some chance of packet loss.

 
