I'm sorry,I will try the latest version of nprobe.
2014-03-14 2:32 GMT+08:00 modversion <[email protected]>: > Hi all,I run nprobe v.6.15.140222 ($Revision: 3745 $) with plugins in > cents 6.5 x86_64 box. > [root@DBServer ~]# rpm -qa | grep -e oracle -e mysql > mysql-5.1.73-3.el6_5.x86_64 > oracle-xe-11.2.0-1.0.x86_64 > mysql-libs-5.1.73-3.el6_5.x86_64 > mysql-server-5.1.73-3.el6_5.x86_64 > > > A.I run nprobe with "nprobe --ndpi-proto 20 -T "%IPV4_SRC_ADDR > %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %L4_SRC_PORT %L4_DST_PORT %PROTOCOL_MAP > %MYSQL_SERVER_VERSION %MYSQL_USERNAME %MYSQL_DB %MYSQL_QUERY > %MYSQL_RESPONSE" -b 1 -i venet0:0 -a -P /home/mysql/ -D t -V 10" > > 1.I only want to dump tcp 3306 data,but it also dump the tcp 22 (ssh) and > udp data.I've use --ndpi-proto 20 to filter the mysql protocol.Please check > the attachment 57.flows for detail. > > 2.Can I get the mysql response strings like %ORACLE_RSP_STRING ? > > 3.The 57.flows seems lost some data,such as lines 24-25,42-43,54-55,it's > mysql but without any other information. > > 4.I run nprobe with "nprobe --ndpi-proto 167 -T "%IPV4_SRC_ADDR > %IPV4_DST_ADDR %IN_PKTS %IN_BYTES %L4_SRC_PORT %L4_DST_PORT %PROTOCOL_MAP > %ORACLE_USERNAME %ORACLE_QUERY %ORACLE_RSP_CODE %ORACLE_RSP_STRING > %ORACLE_QUERY_DURATION" -b 1 -i venet0:0 -a -P /home/oracle/ -D t -V > 10",but the ORACLE_RSP_STRING returns NULL or "no data found",but in fact > the navicat oracle client get RSP data.Please try grep HELP 21.flows . > > 5.The %ORACLE_USERNAME should be SYSTEM,but nprobe log it as > Administrator,please check 21.flows for details. > > Thank you very much! >
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
