[Bro-Dev] [JIRA] (BIT-1285) MySQL Protocol Analyzer

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Tue Nov 11 13:50:07 PST 2014

    [ https://bro-tracker.atlassian.net/browse/BIT-1285?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18801#comment-18801 ] 

Robin Sommer commented on BIT-1285:

Looks good, merged. 

A few suggestions for the scripts though:

- rather than log “ok” and “error”, how about doing a boolean column “success” instead?
- instead of logging “affected rows” as a string, how about adding an optional integer colum “rows”? 
- Is it conceivable that a server reply could be missing? If so, the script’s state tracking would get messed up I think. Would it make sense to (1) when a new request comes in, check if one is pending and log that one first then (without reply); and (2) do the same at connection_state_remove() time if a request is still pending? 

Leaving the ticket open for now.

> MySQL Protocol Analyzer
> -----------------------
>                 Key: BIT-1285
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1285
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: grigorescu
>            Assignee: Robin Sommer
> topic/vladg/mysql is ready to be merged.
> Note: memleak btest core.leaks.mysql is currently failing due to an issue with how regexes are initialized.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list