MySQL Query Logging
MySQL has an option to log all queries to a log file, stupidly though you need to restart the server to start/stop this log, its a bit lame, it also adds a lot of overhead to your box. I had the idea some time ago to use libpcap to figure out what gets sent to the server and started the code, I've mostly finished this now.
The MySQL protocol is undocumented but there is a reverse engineered protocol doc here. It is a tad outdated and I've found some queries that does not get parsed perfectly using the info there, I'll look into those some more.
Here are some sample outputs from my code:
# ./mysqldump.pl -i mysql.cap 17:08:44: SET autocommit=1 17:08:44: SELECT last_insert_id() 17:08:44: rollback
It also has a more verbose option:
# ./mysqldump.pl -i mysql.cap -v MySQL Packet: Length : 24 Packet Number : 0 Packet Command : 3 SQL Command : SELECT last_insert_id() Packet Header: Source : 192.168.1.1 Dest : 192.168.1.2 S.Port : 47241 D.Port : 3306 Length : 77 Timestamp: 1150128523.750337
I could make the script do its own dumping using libpcap it's pretty easy but I prefer to only let it read tcpdump files, we get a LOT of queries (> 600 per second) and I don't want slow perl code to affect the servers, tcpdump is pretty fast and efficient.
I use Net::Pcap and NetPacket::TCP to extract the packets from the file, decoding the MySQL commands is pretty easy then:
$plen = ord(substr($pkt, 66, 3)); $pnum = ord(substr($pkt, 69, 1)); $pcmd = ord(substr($pkt, 70, 1)); $cmd = substr($pkt, 71);
The offsets etc is defined in the documentation linked too above, $cmd will now hold the actual query ran against the server, but only where $pcmd == 3.
I'll upload the code for this in the next few days just letting a few people do some beta testing for me first.
UPDATE: You can now get the code here.
About R.I. Pienaar
Systems Administrator, Consultant, Linux Guy, Automator, Ruby CoderLinks
- @ripienaar
- Flashpolicyd
- Flickr
- London DevOps Group
- MCollective Plugins
- R.I.Pienaar
- Ruby PDNS
- The Marionette Collective
- Wiki
Tweets
- Caffiene infused. 2am to bed day before delivering the last talk of the day is not recommended
- Once again discovering that something as simple as correct MX and NS records is a very effective CAPTCHA to weed out idiot hosting companies
- I love the E4 ipad ripoff ad http://srt.ly/epad
- RT @garnaat: The only accurate model of the system is the system itself. All other representations are a compromise. <- what he said
- Parallels announces support for Google Chrome Operating System http://bit.ly/aCXXCJ
- RT @brunns: RT @jaywgraves: This is pretty awesome. http://bit.ly/aJ12Gb
- Kelway are totally wicked hardware suppliers. Threw away a £100 cable by accident, they gave me a freebie replacement
- Police stop runaway Toyota Prius http://bit.ly/904jED
- Vagrant: EC2-Like Virtual Machine Building and Provisioning from Ruby http://bit.ly/cttcgQ
- RT @lochii: http://github.com/alandipert/ncsa-mosaic <-- mosaic now on github, yay!
Reading
Planned books:
- The Science of Fear: How the Culture of Fear Manipulates Your Brain by Daniel Gardner
- Relentless by Dean Koontz
- Mind Over Ship by David Marusek
- The New Space Opera by Gardner Dozois
- The New Space Opera 2 by Gardner Dozois, Jonathan Strahan
Current books:
-
Ariel: A Book of the Change by Steven R. Boyett
Recent books:
- Hacking Vim: A Cookbook to Get the Most Out of the Latest Vim Editor by Kim Schulz
- Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design by Diomidis Spinellis , Georgios Gousios
Categories
Archives
Licence
August 10th, 2006 - 04:02
If you’re running this on an OS that supports DTrace , it might be easier to do it in real-time.
http://blogs.sun.com/roller/page/bmc?entry=dtrace_on_rails
Bryan Cantrill shows a DTrace script he used to monitor Rails, but as a side effect, shows how he counted the top N MySQL queries. Tweaking that script to print out the queries in real-time should probably not be that hard.
August 10th, 2006 - 08:01
That’s pretty kewl, will check it out thanks
February 24th, 2007 - 19:06
This is pretty nice. I have been looking around the internet for a tool that could monitor mysql queries and how long they take. Using PCAP this is the only thing I found.
Have you done any work on this since?
September 15th, 2008 - 12:33
Hi,
What params do i need to launch tcpdump with so that the generated file is readable by your program ?
for now, when I launch the program on a tcpdump file
I got :
First Packet: Mon Sep 15 13:28:40 2008
Last Packet : Mon Sep 15 13:30:03 2008