MySQL Sniffer

-- Configuring done
-- Generating done
-- Build files have been written to: /root/mysql-sniffer-master

Scanning dependencies of target mysql-sniffer
[ 16%] Building C object bin/CMakeFiles/mysql-sniffer.dir/main.c.o
[ 33%] Building C object bin/CMakeFiles/mysql-sniffer.dir/mysql-dissector.c.o
/root/mysql-sniffer-master/src/mysql-dissector.c: In function ‘decode_mysql_lenenc_int’:
/root/mysql-sniffer-master/src/mysql-dissector.c:112: warning: dereferencing type-punned pointer will break strict-aliasing rules
[ 50%] Building C object bin/CMakeFiles/mysql-sniffer.dir/util.c.o
[ 66%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/session.cpp.o
[ 83%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-config.cpp.o
[100%] Building CXX object bin/CMakeFiles/mysql-sniffer.dir/sniff-log.cpp.o
Linking CXX executable mysql-sniffer
[100%] Built target mysql-sniffer

CMakeFiles  cmake_install.cmake  Makefile  mysql-sniffer

# ./mysql-sniffer -help
Usage ./mysql-sniffer [-d] -i eth0 -p 3306,3307,3308 -l /var/log/mysql-sniffer/ -e stderr
         [-d] -i eth0 -r 3000-4000
         -d daemon mode.
         -s how often to split the log file(minute, eg. 1440). if less than 0, split log everyday
         -i interface. Default to eth0
         -p port, default to 3306. Multiple ports should be splited by ','. eg. 3306,3307
            this option has no effect when -f is set.
         -r port range, Don't use -r and -p at the same time
         -l query log DIRECTORY. Make sure that the directory is accessible. Default to stdout.
         -e error log FILENAME or 'stderr'. if set to /dev/null, runtime error will not be recorded
         -f filename. use pcap file instead capturing the network interface
         -w white list. dont capture the port. Multiple ports should be splited by ','.
         -t truncation length. truncate long query if it's longer than specified length. Less than 0 means no truncation
         -n keeping tcp stream count, if not set, default is 65536. if active tcp count is larger than the specified count, mysql-sniffer will remove the oldest one

2017-03-08 11:00:08     root     192.168.244.20     NULL              0ms              1     select @@version_comment limit 1
2017-03-08 11:00:08     root     192.168.244.20     NULL              0ms              1     select USER()
2017-03-08 11:00:10     root     192.168.244.20     NULL              0ms              1     select 1
2017-03-08 11:01:46     root     192.168.244.20     NULL              0ms              1     SELECT DATABASE()
2017-03-08 11:01:46     root     192.168.244.20     test             24ms              0     use test
2017-03-08 11:01:46     root     192.168.244.20     test            172ms             14     show databases
2017-03-08 11:01:46     root     192.168.244.20     test              0ms             20     show tables
2017-03-08 11:01:52     root     192.168.244.20     test              0ms             20     show tables
2017-03-08 11:01:57     root     192.168.244.20     test             58ms              9     select * from test1
2017-03-08 11:02:17     root     192.168.244.20     test              0ms              1     SELECT DATABASE()
2017-03-08 11:02:17     root     192.168.244.20     test              0ms              0     use test