1.
#!/bin/bash
#this script used montor mysql network traffic.echo sql
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | perl -e '
while(<>) { chomp; next if /^[^ ]+[ ]*$/;
if(/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL)/i)
{
if (defined $q) { print "$q
"; }
$q=$_;
} else {
$_ =~ s/^[ ]+//; $q.=" $_";
}
}'
2. tcpflow -c -p -i eth0 dst port 3306 | grep -i -E "select|insert|update|delete|replace" | sed 's%(.*)([.]{4})(.*)%3%'