File tree Expand file tree Collapse file tree 14 files changed +160
-0
lines changed Expand file tree Collapse file tree 14 files changed +160
-0
lines changed Original file line number Diff line number Diff line change 1+ %YAML 1.1
2+ ---
3+
4+ outputs :
5+ - eve-log :
6+ enabled : yes
7+ filetype : regular
8+ filename : eve.json
9+ types :
10+ - alert
11+
12+ app-layer :
13+ protocols :
14+ mysql :
15+ enabled : yes
Original file line number Diff line number Diff line change 1+ alert mysql any any -> any any (msg:"test mysql";mysql.command; pcre:"/(?:[1-9]\d{5})(?:(?:1[89]\d{2}|2\d{3})(?:0[1-9]|1[012])(?:0[1-9]|[12][0-9]|3[01]))\d{2}(?:\d)(?:[0-9xX])/i""; sid:1;)
Original file line number Diff line number Diff line change 1+ args :
2+ - -k none
3+
4+
5+ checks :
6+ - filter :
7+ count : 1
8+ match :
9+ event_type : alert
10+ alert.signature : " test mysql"
11+
Original file line number Diff line number Diff line change 1+ # Test Description
2+
3+ Test mysql prepare statement like ` select * from xxx where id = ? ` .
4+
5+ ## PCAP
6+ This PCAP was generated from flow in my workspace.
Original file line number Diff line number Diff line change 1+ requires :
2+ min-version : 8
3+
4+ args :
5+ - -k none
6+
7+ checks :
8+ - filter :
9+ count : 1
10+ match :
11+ event_type : mysql
12+ mysql.command : select * from requests WHERE id =1 limit 1
13+ mysql.tls : false
14+ mysql.version : 8.4.0
15+ - filter :
16+ count : 1
17+ match :
18+ event_type : mysql
19+ mysql.command : select * from requests WHERE id =2 limit 1
20+ mysql.tls : false
21+ mysql.version : 8.4.0
22+ - filter :
23+ count : 1
24+ match :
25+ event_type : mysql
26+ mysql.command : select * from requests WHERE id=3 and client_code=client2 limit
27+ 1
28+ mysql.tls : false
29+ mysql.version : 8.4.0
30+ - filter :
31+ count : 1
32+ match :
33+ event_type : mysql
34+ mysql.command : select * from requests WHERE id =4 limit 1
35+ mysql.tls : false
36+ mysql.version : 8.4.0
37+ - filter :
38+ count : 1
39+ match :
40+ event_type : mysql
41+ mysql.command : select * from requests WHERE id =5 limit 1
42+ mysql.tls : false
43+ mysql.version : 8.4.0
44+ - filter :
45+ count : 1
46+ match :
47+ event_type : mysql
48+ mysql.command : select * from requests WHERE id =6 limit 1
49+ mysql.tls : false
50+ mysql.version : 8.4.0
51+ - filter :
52+ count : 1
53+ match :
54+ event_type : mysql
55+ mysql.command : select * from requests WHERE id =7 limit 1
56+ mysql.tls : false
57+ mysql.version : 8.4.0
58+ - filter :
59+ count : 1
60+ match :
61+ event_type : mysql
62+ mysql.command : select * from requests WHERE id=8 and client_code=client2 limit
63+ 1
64+ mysql.tls : false
65+ mysql.version : 8.4.0
66+ - filter :
67+ count : 1
68+ match :
69+ event_type : mysql
70+ mysql.command : select * from requests WHERE id=9 and client_code=client2 limit
71+ 1
72+ mysql.tls : false
73+ mysql.version : 8.4.0
Original file line number Diff line number Diff line change 1+ # Test Description
2+
3+ Test mysql normal sql statement.
4+
5+ ## PCAP
6+ This PCAP was generated from flow in my workspace.
Original file line number Diff line number Diff line change 1+ requires :
2+ min-version : 8
3+
4+ args :
5+ - -k none
6+
7+ checks :
8+ - filter :
9+ count : 1
10+ match :
11+ event_type : mysql
12+ mysql.version : 8.0.32
13+ mysql.tls : false
14+ mysql.command : " SELECT VERSION()"
15+ mysql.rows[0] : " 8.0.32"
16+ - filter :
17+ count : 1
18+ match :
19+ event_type : mysql
20+ mysql.version : 8.0.32
21+ mysql.tls : false
22+ mysql.command : " ping"
You can’t perform that action at this time.
0 commit comments