nProbe™ and MySQL/HTTP Plugins


Generic packet header-based traffic monitoring is no longer enough. Network administrators need to pinpoint problems and understand bottlenecks, and in particular to know exactly what is causing a given problem. For this reason it is now necessary to inspect specific protocols in order to understand what has happened. nProbe™ currently features HTTP and MySQL plugins that, in addition to exporting information via NetFlow, allow administrators to create logs of activity that can help in understanding what is really happening on the network.

#
# Client Server Protocol Method URL HTTPReturnCode Referer UserAgent ContentType Bytes BeginTime EndTime Flow Hash Cookie
#
192.168.0.200 api.leoslyrics.com http /api_search.php?auth=mindquirk_harmonic&artist=Franco+Battiato&songtitle=Povera+Patria 200 curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3 text/xml 10244 1133966831 1133966832 2423982224 0
192.168.0.200 api.leoslyrics.com http /api_search.php?auth=mindquirk_harmonic&artist=Franco+Battiato&songtitle=Povera+Patria 200 curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3 text/xml 10244 1133966831 1133966832 2423982224 0
192.168.0.200 elyrics.net http /go/f/Franco-Battiato-lyrics/Povera-Patria-lyrics/ 302 curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3 text/html 1186 1133966832 1133966832 2413138730 0
192.168.0.200 elyrics.net http /go/f/Franco-Battiato-lyrics/Povera-Patria-lyrics/ 302 curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1 OpenSSL/0.9.7i zlib/1.2.3 text/html 1186 1133966832 1133966832 2413138730 0
192.168.0.200 www.macintouch.com http /images/iwas01b.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 12469 1133966828 1133966829 26992028 0
192.168.0.200 www.macintouch.com http /images/iwas01b.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 12469 1133966828 1133966829 26992028 0
192.168.0.200 www.macintouch.com http / 200 Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 text/html 52474 1133966827 1133966829 26992026 0
192.168.0.200 www.macintouch.com http / 200 Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 text/html 52474 1133966827 1133966829 26992026 0
192.168.0.200 www.macintouch.com http /images/filewave01.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 27750 1133966828 1133966830 26992029 0
192.168.0.200 www.macintouch.com http /images/filewave01.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 27750 1133966828 1133966830 26992029 0
192.168.0.200 www.macintouch.com http /images/filewave02.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 25505 1133966827 1133966829 26992027 0
192.168.0.200 www.macintouch.com http /images/filewave02.gif 200 www.macintouch.com Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/416.12 (KHTML, like Gecko) Safari/416.13 image/gif 25505 1133966827 1133966829 26992027 0


HTTP Logging

 

#
# Client Server User Database Query ResponseCode Bytes BeginTime EndTime
#
192.168.0.254 192.168.0.254 tfoerste select @@version_comment limit 1 0 802 1216281025 1216281025
192.168.0.254 192.168.0.254 tfoerste SELECT DATABASE() 0 390 1216281025 1216281030
192.168.0.254 192.168.0.254 tfoerste test use database test 0 292 1216281025 1216281030
192.168.0.254 192.168.0.254 tfoerste test show databases 0 294 1216281025 1216281030
192.168.0.254 192.168.0.254 tfoerste test show tables 0 374 1216281025 1216281030
192.168.0.254 192.168.0.254 tfoerste test create table foo (id BIGINT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, animal VARCHAR(64) NOT NULL, name VARCHAR(64) NU 0 843 1216281025 1216281048
192.168.0.254 192.168.0.254 tfoerste test insert into foo (animal, name) values ("dog", "Goofy") 0 289 1216281025 1216281057
192.168.0.254 192.168.0.254 tfoerste test insert into foo (animal, name) values ("cat", "Garfield") 0 292 1216281025 1216281061
192.168.0.254 192.168.0.254 tfoerste test select * from foo 0 431 1216281025 1216281066
192.168.0.254 192.168.0.254 tfoerste test delete from foo where name like '%oo%' 0 452 1216281025 1216281072
192.168.0.254 192.168.0.254 tfoerste test delete from foo where id = 1 0 263 1216281025 1216281079
192.168.0.254 192.168.0.254 tfoerste test select count(*) from foo 0 311 1216281025 1216281087
192.168.0.254 192.168.0.254 tfoerste test select * from foo 0 467 1216281025 1216281109
192.168.0.254 192.168.0.254 tfoerste test delete from foo 0 413 1216281025 1216281116
192.168.0.254 192.168.0.254 tfoerste test drop table foo 0 249 1216281025 1216281122


MySQL Logging
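
An added example (not nProbe code) of how the MySQL log above can be consumed for auditing: it parses the nine-column records and flags statements that drop objects or delete/update without a WHERE clause. It assumes the fields are tab-separated, which the page does not state; the function names are illustrative, and the sample rows are re-typed from the log above plus one constructed short row.

```python
import re
from typing import NamedTuple

class MySQLRecord(NamedTuple):
    client: str
    server: str
    user: str
    database: str      # empty until the session selects a database
    query: str
    response_code: int
    nbytes: int
    begin_time: int    # epoch seconds
    end_time: int

PREFIX = ("192.168.0.254", "192.168.0.254", "tfoerste")
# Constructed sample: rows from the page joined with tabs (separator is an assumption).
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("# Client", "Server", "User", "Database", "Query",
     "ResponseCode", "Bytes", "BeginTime", "EndTime"),
    PREFIX + ("", "SELECT DATABASE()", "0", "390", "1216281025", "1216281030"),
    PREFIX + ("test", "select * from foo", "0", "431", "1216281025", "1216281066"),
    PREFIX + ("test", "delete from foo where id = 1", "0", "263", "1216281025", "1216281079"),
    PREFIX + ("test", "delete from foo", "0", "413", "1216281025", "1216281116"),
    PREFIX + ("test", "drop table foo", "0", "249", "1216281025", "1216281122"),
    PREFIX + ("test", "select 1"),  # constructed: too few columns, must be skipped
])

DROPS = re.compile(r"^\s*(drop|truncate)\b", re.I)
UNSCOPED = re.compile(r"^\s*(delete|update)\b(?!.*\bwhere\b)", re.I | re.S)

def parse_mysql_log(text):
    """Return MySQLRecord rows, skipping '#' headers and malformed lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 9:
            continue
        try:
            records.append(MySQLRecord(*parts[:5], *map(int, parts[5:])))
        except ValueError:  # non-numeric counters: treat the row as malformed
            continue
    return records

def flag_destructive(records):
    """Records whose query drops/truncates, or deletes/updates with no WHERE."""
    return [r for r in records if DROPS.match(r.query) or UNSCOPED.match(r.query)]
```

The create table row in the page's sample ends mid-token, so long queries may be cut off in the log; a WHERE clause lost that way would make a scoped DELETE look unscoped, so treat flags on long statements as leads to verify.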