It is possible to capture all the queries sent to MySQL using tcpdump.

This is done by capturing the network traffic. Since tcpdump uses the libpcap library, we need root privileges.

Because tcpdump will not capture queries sent through the Unix socket file, make sure that the requests you want to track do not use it.

Having clarified this obvious limitation, let us assume that all the applications running locally access MySQL over TCP on the standard port 3306.


Capture the queries to a file named all_query_tcpdump.log by executing:

tcpdump -i lo port 3306 -s 2000 -w all_query_tcpdump.log

Please note that we capture at most 2000 bytes of each packet (-s 2000), which should be fine in most cases.


Having done the data collection, we now have to analyze it.
For that we will use tshark (Wireshark):

tshark -r all_query_tcpdump.log -d tcp.port==3306,mysql -T fields -e mysql.query > mysql_query.log

The generated log will contain a lot of empty lines, which can be removed as follows:

grep -v "^$" mysql_query.log > mysql_clean_query.log
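
As an added illustration (not part of the original post and not tshark's own code), the Python example below shows how a query is framed inside the captured TCP payload and why a snapshot length (-s) that is too small loses queries. It assumes a reassembled client-to-server byte stream that starts after the connection handshake, with no query attributes negotiated; the helper names frame and extract_queries and the sample bytes are constructed for the example.

```python
COM_QUERY = 0x03  # MySQL command byte for a text-protocol query


def frame(seq, payload):
    """Build one MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def extract_queries(stream):
    """Return (queries, truncated) for a client-to-server byte stream.

    truncated is True when a packet announces more bytes than were captured,
    which is what a snapshot length smaller than the packet produces.
    """
    queries, pos = [], 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        body = stream[pos + 4:pos + 4 + length]
        if len(body) < length:
            return queries, True  # payload cut short by the capture
        if length and body[0] == COM_QUERY:
            queries.append(body[1:].decode("utf-8", errors="replace"))
        pos += 4 + length
    return queries, pos != len(stream)  # leftover bytes = partial header


# Constructed sample: two queries with a COM_PING (0x0e) between them.
Q1 = b"SELECT id FROM users WHERE name = 'alice'"
Q2 = b"UPDATE users SET last_login = NOW() WHERE id = 7"
SAMPLE = (frame(0, bytes([COM_QUERY]) + Q1)
          + frame(0, b"\x0e")
          + frame(0, bytes([COM_QUERY]) + Q2))

if __name__ == "__main__":
    print(extract_queries(SAMPLE))       # both queries, not truncated
    print(extract_queries(SAMPLE[:60]))  # capture cut inside the second query
```

When the second result reports truncation, the query that was cut is missing from the output entirely, so a larger -s value is needed for that workload.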

That's all folks!!!

