diff --git a/NEWS b/NEWS index 497138927b..d9e7e2cd0d 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,22 @@ Breaking Changes New Functionality ----------------- +- Zeek now includes a PostgreSQL protocol analyzer. This analyzer is enabled + by default. The analyzer's events and its ``postgresql.log`` should be + considered preliminary and experimental until the arrival of Zeek's next + long-term-stable release (8.0). + + If you observe unusually high CPU consumption or other issues due to this + analyzer being enabled by default, the easiest way to disable it is via the + ``Analyzer::disabled_analyzers`` const as follows: + + redef Analyzer::disabled_analyzers += { + Analyzer::ANALYZER_POSTGRESQL, + }; + + If you observe PostgreSQL traffic in your environment, please provide feedback + about the analyzer and structure of the new log. + * The LDAP analyzer now supports handling of non-sealed GSS-API WRAP tokens. * StartTLS support was added to the LDAP analyzer. The SSL analyzer is enabled diff --git a/scripts/base/init-default.zeek b/scripts/base/init-default.zeek index 3c65158182..35c75875d2 100644 --- a/scripts/base/init-default.zeek +++ b/scripts/base/init-default.zeek @@ -67,6 +67,7 @@ @load base/protocols/ntlm @load base/protocols/ntp @load base/protocols/pop3 +@load base/protocols/postgresql @load base/protocols/quic @load base/protocols/radius @load base/protocols/rdp diff --git a/scripts/base/protocols/postgresql/__load__.zeek b/scripts/base/protocols/postgresql/__load__.zeek new file mode 100644 index 0000000000..06f9a2e4b5 --- /dev/null +++ b/scripts/base/protocols/postgresql/__load__.zeek @@ -0,0 +1,6 @@ +@if ( have_spicy_analyzers() ) +@load ./consts +@load ./spicy-events +@load ./main +@load-sigs ./dpd +@endif diff --git a/scripts/base/protocols/postgresql/consts.zeek b/scripts/base/protocols/postgresql/consts.zeek new file mode 100644 index 0000000000..03a8b23030 --- /dev/null +++ b/scripts/base/protocols/postgresql/consts.zeek 
@@ -0,0 +1,37 @@
+module PostgreSQL;
+
+export {
+ # https://www.postgresql.org/docs/current/protocol-error-fields.html
+ global error_ids: table[string] of string = {
+ ["S"] = "SeverityLocalized",
+ ["V"] = "Severity", # non-localized
+ ["C"] = "Code",
+ ["M"] = "Message",
+ ["D"] = "Detail",
+ ["H"] = "Hint",
+ ["P"] = "Position",
+ ["p"] = "InternalPosition",
+ ["q"] = "InternalQuery",
+ ["W"] = "Where",
+ ["s"] = "Schema",
+ ["t"] = "Table",
+ ["c"] = "Column",
+ ["d"] = "Data",
+ ["n"] = "Constraint",
+ ["F"] = "File",
+ ["L"] = "Line",
+ ["R"] = "Routine",
+ } &default=function(c: string): string { return fmt("UnknownErrorId%s", c); } &redef;
+
+ global auth_ids: table[count] of string = {
+ [2] = "KerberosV5",
+ [3] = "CleartextPassword",
+ [5] = "MD5Password",
+ [7] = "GSSAPI",
+ [8] = "GSSAPIContinue",
+ [9] = "SSPI",
+ [10] = "SASL",
+ [11] = "SASLContinue",
+ [12] = "SASLFinal",
+ } &default=function(id: count): string { return fmt("UnknownAuthId%s", id); } &redef;
+}
diff --git a/scripts/base/protocols/postgresql/dpd.sig b/scripts/base/protocols/postgresql/dpd.sig
new file mode 100644
index 0000000000..1bae4b0b6b
--- /dev/null
+++ b/scripts/base/protocols/postgresql/dpd.sig
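Review bot: Both exported tables are documented with plain `#` comments, so Zeekygen will publish `error_ids` and `auth_ids` without any description even though they are `&redef` and part of the analyzer's public surface; switching those comments to `##` and giving `auth_ids` the same protocol-doc link that `error_ids` carries would fix that. I would also attach a one-line caveat to the `[3] = "CleartextPassword"` entry, because the frontend's reply to that request carries the password unencrypted and an analyst who sees it in `backend_arg` should read it as a credential-exposure signal: `## 3: the client will send its password in the clear in the next PasswordMessage.`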
@@ -0,0 +1,29 @@
+# Enable the analyzer if we see the SSLRequest message and a S|N reply from the server.
+signature dpd_postgresql_client_sslrequest {
+ ip-proto == tcp
+ payload /^\x00\x00\x00\x08\x04\xd2\x16\x2f/
+}
+
+signature dpd_postgresql_server_ssl_confirm {
+ requires-reverse-signature dpd_postgresql_client_sslrequest
+ payload /^[SN]/
+ enable "PostgreSQL"
+}
+
+signature dpd_postgresql_client_startup_3_x {
+ ip-proto == tcp
+ # 4 byte length, then protocol version major, minor (16bit each),
+ # then expect the "user\x00" parameter to follow. Not sure about
+ # other versions, but we likely wouldn't properly parse them anyway.
+ payload /^....\x00\x03\x00.{0,256}user\x00/
+}
+
+signature dpd_postgresql_server_any_response {
+ requires-reverse-signature dpd_postgresql_client_startup_3_x
+
+ # One byte printable message type 4 bytes length. Assumes the first
+ # server message is not larger 64k(2^16) so match on \x00\x00 after
+ # the first byte.
+ payload /^[a-zA-Z0-9]\x00\x00../
+ enable "PostgreSQL"
+}
diff --git a/scripts/base/protocols/postgresql/main.zeek b/scripts/base/protocols/postgresql/main.zeek
new file mode 100644
index 0000000000..d7cc1cc45f
--- /dev/null
+++ b/scripts/base/protocols/postgresql/main.zeek
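Review bot: `dpd_postgresql_client_startup_3_x` only matches when `user\x00` appears within 256 bytes of the version field, but the protocol does not fix the order of startup parameters, so a client that sends `database` or a long `options` value first is never activated by this signature on a non-standard port (5432/tcp is still covered by the port registration in main.zeek). The comment should state that assumption instead of `Not sure about other versions`, e.g. `# Assumes the 'user' parameter appears early in the packet (libpq sends it first); other orderings rely on port-based activation.` The comment on the server response also has a typo: `not larger 64k` should read `not larger than 64k`.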
@@ -0,0 +1,245 @@
+##! Implements base functionality for PostgreSQL analysis.
+
+@load ./consts
+@load ./spicy-events
+
+@load base/protocols/conn/removal-hooks
+
+module PostgreSQL;
+
+export {
+ ## Log stream identifier.
+ redef enum Log::ID += { LOG };
+
+ type Version: record {
+ major: count;
+ minor: count;
+ };
+
+ ## Record type containing the column fields of the PostgreSQL log.
+ type Info: record {
+ ## Timestamp for when the activity happened.
+ ts: time &log;
+ ## Unique ID for the connection.
+ uid: string &log;
+ ## The connection's 4-tuple of endpoint addresses/ports.
+ id: conn_id &log;
+
+ ## The user as found in the StartupMessage.
+ user: string &optional &log;
+ ## The database as found in the StartupMessage.
+ database: string &optional &log;
+ ## The application name as found in the StartupMessage.
+ application_name: string &optional &log;
+
+ # The command or message from the frontend.
+ frontend: string &optional &log;
+ # Arguments for the command.
+ frontend_arg: string &optional &log;
+ # The reply from the backend.
+ backend: string &optional &log;
+ # Arguments for the reply from the backend.
+ backend_arg: string &optional &log;
+
+ # Whether the login/query was successful.
+ success: bool &optional &log;
+
+ # The number of rows returned or affectd.
+ rows: count &optional &log;
+ };
+
+ type State: record {
+ version: Version &optional;
+ user: string &optional;
+ database: string &optional;
+ application_name: string &optional;
+ rows: count &default=0;
+ errors: vector of string;
+ };
+
+ ## Default hook into PostgreSQL logging.
+ global log_postgresql: event(rec: Info);
+
+ global finalize_postgresql: Conn::RemovalHook;
+
+ global ports: set[port] = { 5432/tcp } &redef;
+}
+
+redef record connection += {
+ postgresql: Info &optional;
+ postgresql_state: State &optional;
+};
+
+redef likely_server_ports += { ports };
+
+event zeek_init() {
+ Analyzer::register_for_ports(Analyzer::ANALYZER_POSTGRESQL, ports);
+
+ Log::create_stream(PostgreSQL::LOG, [$columns=Info, $ev=log_postgresql, $path="postgresql"]);
+}
+
+hook set_session(c: connection) {
+ if ( ! c?$postgresql )
+ c$postgresql = Info($ts=network_time(), $uid=c$uid, $id=c$id);
+
+ if ( ! c?$postgresql_state ) {
+ c$postgresql_state = State();
+ Conn::register_removal_hook(c, finalize_postgresql);
+ }
+}
+
+function emit_log(c: connection) {
+ if ( ! c?$postgresql )
+ return;
+
+ if ( c$postgresql_state?$user )
+ c$postgresql$user = c$postgresql_state$user;
+
+ if ( c$postgresql_state?$database )
+ c$postgresql$database = c$postgresql_state$database;
+
+ if ( c$postgresql_state?$application_name )
+ c$postgresql$application_name = c$postgresql_state$application_name;
+
+ Log::write(PostgreSQL::LOG, c$postgresql);
+ delete c$postgresql;
+}
+
+event PostgreSQL::ssl_request(c: connection) {
+ hook set_session(c);
+
+ c$postgresql$frontend = "ssl_request";
+}
+
+event PostgreSQL::ssl_reply(c: connection, b: string) {
+ hook set_session(c);
+
+ c$postgresql$backend = "ssl_reply";
+ c$postgresql$backend_arg = b;
+ c$postgresql$success = b == "S";
+
+ emit_log(c);
+}
+
+event PostgreSQL::startup_parameter(c: connection, name: string, value: string) {
+ hook set_session(c);
+
+ if ( name == "user" ) {
+ c$postgresql_state$user = value;
+ } else if ( name == "database" ) {
+ c$postgresql_state$database = value;
+ } else if ( name== "application_name" ) {
+ c$postgresql_state$application_name = value;
+ }
+}
+
+event PostgreSQL::startup_message(c: connection, major: count, minor: count) {
+ hook set_session(c);
+
+ c$postgresql_state$version = Version($major=major, $minor=minor);
+ c$postgresql$frontend = "startup";
+}
+
+event PostgreSQL::error_response_identified_field(c: connection, code: string, value: string) {
+ hook set_session(c);
+
+ local errors = c$postgresql_state$errors;
+ errors += fmt("%s=%s", error_ids[code], value);
+}
+
+event PostgreSQL::notice_response_identified_field(c: connection, code: string, value: string) {
+ hook set_session(c);
+
+ local notice = fmt("%s=%s", error_ids[code], value);
+ if ( c$postgresql?$backend_arg )
+ c$postgresql$backend_arg += "," + notice;
+ else
+ c$postgresql$backend_arg = notice;
+}
+
+event PostgreSQL::error_response(c: connection) {
+ hook set_session(c);
+
+ if ( c$postgresql?$backend )
+ c$postgresql$backend += ",error";
+ else
+ c$postgresql$backend = "error";
+
+ local errors = join_string_vec(c$postgresql_state$errors, ",");
+ c$postgresql_state$errors = vector();
+
+ if ( c$postgresql?$backend_arg )
+ c$postgresql$backend_arg += "," + errors;
+ else
+ c$postgresql$backend_arg = errors;
+
+ c$postgresql$success = F;
+
+ emit_log(c);
+}
+
+event PostgreSQL::authentication_request(c: connection, identifier: count, data: string) {
+ hook set_session(c);
+
+ if ( c$postgresql?$backend && ! ends_with(c$postgresql$backend, "auth") )
+ c$postgresql$backend += ",auth_request";
+ else
+ c$postgresql$backend = "auth_request";
+
+ if ( c$postgresql?$backend_arg )
+ c$postgresql$backend_arg += "," + auth_ids[identifier];
+ else
+ c$postgresql$backend_arg = auth_ids[identifier];
+}
+
+event PostgreSQL::authentication_ok(c: connection) {
+ hook set_session(c);
+
+ c$postgresql$backend = "auth_ok";
+ c$postgresql$success = T;
+
+ emit_log(c);
+}
+
+event PostgreSQL::terminate(c: connection) {
+ if ( c?$postgresql )
+ emit_log(c);
+
+ hook set_session(c);
+ c$postgresql$frontend = "terminate";
+ emit_log(c);
+}
+
+event PostgreSQL::simple_query(c: connection, query: string) {
+ if ( c?$postgresql )
+ emit_log(c);
+
+ hook set_session(c);
+
+ c$postgresql$frontend = "simple_query";
+ c$postgresql$frontend_arg = query;
+ c$postgresql_state$rows = 0;
+}
+
+event PostgreSQL::data_row(c: connection, column_values: count) {
+ hook set_session(c);
+
+ ++c$postgresql_state$rows;
+}
+
+event PostgreSQL::ready_for_query(c: connection, transaction_status: string) {
+ # Log a query (if there was one).
+ if ( ! c?$postgresql )
+ return;
+
+ # If no one said otherwise, the last action was successful.
+ if ( ! c$postgresql?$success )
+ c$postgresql$success = transaction_status == "I" || transaction_status == "T";
+
+ c$postgresql$rows = c$postgresql_state$rows;
+ emit_log(c);
+}
+
+hook finalize_postgresql(c: connection) &priority=-5 {
+ emit_log(c);
+}
diff --git a/scripts/base/protocols/postgresql/spicy-events.zeek b/scripts/base/protocols/postgresql/spicy-events.zeek
new file mode 100644
index 0000000000..0c48c2bfe2
--- /dev/null
+++ b/scripts/base/protocols/postgresql/spicy-events.zeek
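Review bot: `PostgreSQL::simple_query` copies the complete query text into `frontend_arg` with no length cap, so a single multi-megabyte statement produces an equally large `postgresql.log` record, and statements like `CREATE ROLE ... PASSWORD '...'` land in the log with the credential verbatim. I would truncate before assigning, e.g. `c$postgresql$frontend_arg = sub_bytes(query, 0, max_query_length);` with `const max_query_length = 4096 &redef;` in the export block, and say in the `frontend_arg` field doc that query text may contain secrets. `backend_arg` in `error_response` grows the same way from server-supplied `Message`/`Detail` free text, so the same cap applies there. Separately, the field comments in `Info` from `frontend` downwards use `#` rather than `##`, so those columns will have no description in the generated log documentation; `rows` also has a typo, `affectd`.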
@@ -0,0 +1,147 @@
+##! Events generated by the PostgreSQL analyzer.
+
+## Event generated for frontend SSLRequest messages.
+##
+## c: The connection.
+global PostgreSQL::ssl_request: event(c: connection);
+
+## Event generated for backend SSL reply.
+##
+## c: The connection.
+##
+## data: The server's reply: S for secure, N for unencrypted.
+global PostgreSQL::ssl_reply: event(c: connection, data: string);
+
+## Event generated for backend authentication requests.
+##
+## c: The connection.
+##
+## identifier: The identifier in the request.
+##
+## data: The request data, if any.
+##
+## .. zeek:see:: PostgreSQL::authentication_response
+## .. zeek:see:: PostgreSQL::authentication_ok
+global PostgreSQL::authentication_request: event(c: connection, identifier: count, data: string);
+
+## Event generated for backend authentication requests indicating successful
+## authentication.
+##
+## c: The connection.
+##
+## .. zeek:see:: PostgreSQL::authentication_request
+## .. zeek:see:: PostgreSQL::authentication_response
+global PostgreSQL::authentication_ok: event(c: connection);
+
+## Event generated for frontend authentication responses.
+##
+## c: The connection.
+##
+## data: The response data, if any.
+##
+## .. zeek:see:: PostgreSQL::authentication_request
+## .. zeek:see:: PostgreSQL::authentication_ok
+global PostgreSQL::authentication_response: event(c: connection, data: string);
+
+
+## Event generated for every parameter in a StartupMessage.
+##
+## c: The connection.
+##
+## name: The name of the parameter.
+##
+## value: The value of the parameter.
+global PostgreSQL::startup_parameter: event(c: connection, name: string, value: string);
+
+## Event generated for a StartupMessage.
+##
+## c: The connection.
+##
+## major: The major protocol version.
+##
+## minor: The minor protocol version.
+global PostgreSQL::startup_message: event(c: connection, major: count, minor: count);
+
+## Event generated for every backed ReadyForQuery message.
+##
+## c: The connection.
+##
+## transaction_status: I (idle), T (in transaction block), E (error).
+global PostgreSQL::ready_for_query: event(c: connection, transaction_status: string);
+
+## Event generated for every frontend SimpleQuery message.
+##
+## c: The connection.
+##
+## query: The query string.
+global PostgreSQL::simple_query: event(c: connection, query: string);
+
+## Event generated for identified field within an ErrorResponse.
+##
+## c: The connection.
+##
+## code: The code (https://www.postgresql.org/docs/current/protocol-error-fields.html)
+##
+## value: The field value.
+##
+## .. zeek:see:: PostgreSQL::error_response
+global PostgreSQL::error_response_identified_field: event(c: connection, code: string, value: string);
+
+## Event generated for a ErrorResponse.
+##
+## c: The connection.
+##
+## .. zeek:see:: PostgreSQL::error_response_identified_field
+global PostgreSQL::error_response: event(c: connection);
+
+## Event generated for identified field within a NoticeResponse.
+##
+## c: The connection.
+##
+## code: The code (https://www.postgresql.org/docs/current/protocol-error-fields.html)
+##
+## value: The field value.
+##
+## .. zeek:see:: PostgreSQL::notice_response
+global PostgreSQL::notice_response_identified_field: event(c: connection, code: string, value: string);
+
+## Event generated for a NoticeResponse.
+##
+## c: The connection.
+##
+## .. zeek:see:: PostgreSQL::notice_response_identified_field
+global PostgreSQL::notice_response: event(c: connection);
+
+## Event generated for every backend DataRow message.
+##
+## c: The connection.
+##
+## column_values: The number of columns in this row.
+global PostgreSQL::data_row: event(c: connection, column_values: count);
+
+## Event generated for backend runtime parameter status reports.
+##
+## c: The connection.
+##
+## name: The name of the runtime parameter.
+##
+## value: The current value of the parameter.
+##
+global PostgreSQL::parameter_status: event(c: connection, name: string, value: string);
+
+## Generated for a BackendKeyData message for cancellation.
+##
+## c: The connection.
+##
+## process_id: The process ID of the backend.
+##
+## secret_key: The secret key of the backend.
+global PostgreSQL::backend_key_data: event(c: connection, process_id: count, secret_key: count);
+
+## Event generated For a frontend Terminate message.
+##
+## c: The connection.
+global PostgreSQL::terminate: event(c: connection);
+
+## Event generated for not implemented messages.
+global PostgreSQL::not_implemented: event(c: connection, is_orig: bool, typ: string, chunk: string);
diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt
index 896c53b4e6..654b1bab03 100644
--- a/src/analyzer/protocol/CMakeLists.txt
+++ b/src/analyzer/protocol/CMakeLists.txt
@@ -28,6 +28,7 @@ add_subdirectory(ntlm)
 add_subdirectory(ntp)
 add_subdirectory(pia)
 add_subdirectory(pop3)
+add_subdirectory(postgresql)
 add_subdirectory(quic)
 add_subdirectory(radius)
 add_subdirectory(rdp)
diff --git a/src/analyzer/protocol/postgresql/CMakeLists.txt b/src/analyzer/protocol/postgresql/CMakeLists.txt
new file mode 100644
index 0000000000..5b638e765f
--- /dev/null
+++ b/src/analyzer/protocol/postgresql/CMakeLists.txt
@@ -0,0 +1,5 @@
+spicy_add_analyzer(
+ NAME PostgreSQL
+ PACKAGE_NAME spicy-postgresql
+ SOURCES postgresql.spicy postgresql.evt postgresql_zeek.spicy
+ MODULES PostgreSQL PostgreSQL_Zeek)
diff --git a/src/analyzer/protocol/postgresql/postgresql.evt b/src/analyzer/protocol/postgresql/postgresql.evt
new file mode 100644
index 0000000000..c01e6262e8
--- /dev/null
+++ b/src/analyzer/protocol/postgresql/postgresql.evt
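Review bot: `PostgreSQL::authentication_response` hands the raw frontend `data` to script-land, and after a `CleartextPassword` request (identifier 3 in `auth_ids`) that payload is the user's password, yet the docstring only says `The response data, if any.`; `secret_key` in `backend_key_data` is likewise the value a client needs to cancel that backend's queries. Both parameters should tell handlers not to log them, e.g. `## data: The response data, if any. After a CleartextPassword request this is the plaintext password; do not log it.` and `## secret_key: The backend's cancel secret; treat as sensitive.` `PostgreSQL::not_implemented` is also the only event here whose parameters are undocumented, so `is_orig`, `typ` and `chunk` deserve the same `## name:` lines as the rest of the file, and `backed` in the ReadyForQuery docstring should be `backend`.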
@@ -0,0 +1,42 @@
+import PostgreSQL;
+import PostgreSQL_Zeek;
+
+protocol analyzer PostgreSQL over TCP:
+ parse originator with PostgreSQL::FrontendMessages,
+ parse responder with PostgreSQL::BackendMessages;
+
+on PostgreSQL::NotImplemented -> event PostgreSQL::not_implemented($conn, $is_orig, ("%c" % typ), self.chunk);
+
+on PostgreSQL::AuthenticationRequest if ( self.identifier != 0 )-> event PostgreSQL::authentication_request($conn, self.identifier, self.data);
+
+on PostgreSQL::AuthenticationRequest if ( self.identifier == 0 ) -> event PostgreSQL::authentication_ok($conn);
+
+on PostgreSQL::AuthenticationResponse -> event PostgreSQL::authentication_response($conn, self.data);
+
+on PostgreSQL::FrontendMessages::ssl_request -> event PostgreSQL::ssl_request($conn);
+
+on PostgreSQL::MaybeBackendSSL::ssl_byte -> event PostgreSQL::ssl_reply($conn, ("%c" % self.ssl_byte));
+
+on PostgreSQL::StartupParameter -> event PostgreSQL::startup_parameter($conn, self.name, self.value);
+
+on PostgreSQL::StartupMessage -> event PostgreSQL::startup_message($conn, self.version.major, self.version.minor);
+
+on PostgreSQL::ErrorIdentifiedField -> event PostgreSQL::error_response_identified_field($conn, ("%c" % self.code), self.value);
+
+on PostgreSQL::ErrorResponse -> event PostgreSQL::error_response($conn);
+
+on PostgreSQL::SimpleQuery -> event PostgreSQL::simple_query($conn, self.query);
+
+on PostgreSQL::ReadyForQuery -> event PostgreSQL::ready_for_query($conn, "%c" % self.transaction_status);
+
+on PostgreSQL::NoticeIdentifiedField -> event PostgreSQL::notice_response_identified_field($conn, ("%c" % self.code), self.value);
+
+on PostgreSQL::NoticeResponse -> event PostgreSQL::notice_response($conn);
+
+on PostgreSQL::Terminate -> event PostgreSQL::terminate($conn);
+
+on PostgreSQL::DataRow -> event PostgreSQL::data_row($conn, self.column_values);
+
+on PostgreSQL::ParameterStatus -> event PostgreSQL::parameter_status($conn, self.name, self.value);
+
+on PostgreSQL::BackendKeyData -> event PostgreSQL::backend_key_data($conn, self.process_id, self.secret_key);
diff --git a/src/analyzer/protocol/postgresql/postgresql.spicy b/src/analyzer/protocol/postgresql/postgresql.spicy
new file mode 100644
index 0000000000..897723b7aa
--- /dev/null
+++ b/src/analyzer/protocol/postgresql/postgresql.spicy
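Review bot: The `on PostgreSQL::AuthenticationRequest if ( self.identifier != 0 )-> event` hook is missing the space before `->` that the `identifier == 0` hook directly below it has, and `"%c" % self.transaction_status` in the `ReadyForQuery` hook is the only format expression in the file without the parentheses every other hook uses. `if ( self.identifier != 0 ) -> event` and `("%c" % self.transaction_status)` would make the file uniform. Cosmetic, but these hook lines are what gets copied when the next message type is wired up.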
@@ -0,0 +1,337 @@
+# A PostgreSQL analyzer.
+#
+# https://www.postgresql.org/docs/current/protocol.html
+#
+# Protocol version 3.0
+
+module PostgreSQL;
+
+import spicy;
+
+type SSLFrontendState = enum {
+ Requested,
+ NotRequested,
+};
+
+type SSLBackendState = enum {
+ S,
+ N,
+};
+
+# How many chunks to buffer initially when seeing a backend message
+# before a frontend or vice versa.
+const MAX_BUFFERED = 4;
+
+# When a connection switches to SSL, this consumes all the SSL chunks.
+# In zeek_postgres.spicy, SSLSink%init calls zeek::protocol_begin() and
+# then zeek::protocol_data_in()
+#
+# There's a single SSLSink shared between backend and frontend.
+type SSLSink = unit {
+ chunk: bytes &chunked &eod;
+};
+
+# Used as context for synchronization between frontend/backend.
+type Context = struct {
+ ssl_frontend_state: SSLFrontendState;
+ ssl_backend_state: SSLBackendState;
+ ssl_sink: sink&;
+ ssl_sink_connected: bool;
+};
+
+type ProtocolVersion = unit {
+ major: uint16;
+ minor: uint16;
+};
+
+type StartupParameter = unit {
+ name: /[-_\/A-Za-z0-9]+/ &requires=(|$$| > 0);
+ : uint8 &requires=($$ == 0);
+ value: /[\x20-\x7e]+/ &requires=(|$$| > 0);
+ : uint8 &requires=($$ == 0);
+};
+
+type StartupMessage = unit {
+ length: uint32 &requires=(self.length >= 9);
+ version: ProtocolVersion &requires=($$.major == 3);
+ parameters: StartupParameter[] &size=self.length - 9;
+ : skip b"\x00";
+};
+
+# Top-level entry for the client.
+public type FrontendMessages = unit {
+ %context = Context;
+ on %init {
+ # Until the first FrontendMessages are initialized, ssl_sink in the
+ # context is a Null reference. Also, we want to use a single sink
+ # for both, frontend and backend by calling beg
+ self.context().ssl_sink = self.s1;
+ }
+
+ var buffered: vector;
+ var s1_connected: bool;
+ var ssl_requested: bool;
+ sink s1;
+
+ # Peek at the client data.
+ length: uint32 &requires=(self.length >= 8);
+ version_or_magic: uint32 {
+ self.ssl_requested = self.length == 8 && $$ == 80877103;
+
+ if (self.ssl_requested) {
+ self.context().ssl_frontend_state = SSLFrontendState::Requested;
+ } else {
+ self.context().ssl_frontend_state = SSLFrontendState::NotRequested;
+ self.context().ssl_backend_state = SSLBackendState::N;
+
+ # Pre-check the supported major version here.
+ local major = $$ >> 16;
+ if (major != 3)
+ throw "unsupported PostgreSQL major version %s" % major;
+
+ # Put length and version back into the buffer so PlainFrontendMessages
+ # can re-parse it.
+ #
+ # This explicitly avoids using random access functionality like
+ # `self.input()` and `self.set_input()` which would disable automatic
+ # trimming in this unit (which is top-level unit parsing unbounded
+ # amounts of data).
+ self.buffered.push_back(pack(self.length, spicy::ByteOrder::Network));
+ self.buffered.push_back(pack(self.version_or_magic, spicy::ByteOrder::Network));
+ }
+ }
+
+ # void field for raising an event.
+ ssl_request: void if(self.ssl_requested == True);
+
+ # print "frontend ssl", self.context();
+
+ # If the client requested SSL, we do not know how to continue parsing
+ # until the server confirmed SSL usage via 'S' or 'N' responses. As long
+ # as it hasn't responded, stall the parsing here and buffer bytes until
+ # the context() is populated.
+ #
+ # In normal operations, Zeek should see the server's response before
+ # attempting to parse more data, but Robin was concerned it that in
+ # some circumstances (out-of-order packets, reassembly artifacts) we
+ # may see the client's data before the server's.
+ #
+ # In the future, barrier: https://github.com/zeek/spicy/pull/1373
+ : bytes &chunked &eod {
+ if (!self.context().ssl_backend_state) {
+ self.buffered.push_back($$);
+
+ if (|self.buffered| > MAX_BUFFERED)
+ throw "too many frontend messages buffered";
+ } else {
+ # print "frontend ssl_state backend set!", self.context();
+ if (!self.s1_connected) {
+ if (self.context().ssl_backend_state == SSLBackendState::S) {
+ if (!self.context().ssl_sink_connected) {
+ self.context().ssl_sink.connect(new SSLSink());
+ self.context().ssl_sink_connected = True;
+ }
+ } else {
+ # print "connecting plain frontend messages";
+ self.s1.connect(new PlainFrontendMessages());
+ }
+
+ self.s1_connected = True;
+
+ if (|self.buffered| > 0) {
+ for (b in self.buffered)
+ self.s1.write(b);
+ }
+
+ self.buffered.resize(0);
+ }
+
+ self.s1.write($$);
+ }
+ }
+};
+
+type PlainFrontendMessages = unit {
+ startup_message: StartupMessage;
+ : FrontendMessage[];
+};
+
+type FrontendMessage = unit {
+ typ: uint8;
+ length: uint32 &requires=(self.length >= 4);
+
+ switch (self.typ) {
+ 'p' -> : AuthenticationResponse;
+ 'X' -> : Terminate;
+ 'Q' -> : SimpleQuery;
+ * -> not_implemented: NotImplemented(self.typ);
+ } &size=self.length - 4;
+};
+
+type AuthenticationResponse = unit {
+ # This is PasswordMessage, SASLInitialMessage, etc. based on context.
+ # For now, just thread it through.
+ data: bytes &eod;
+};
+
+type Terminate = unit {};
+
+type SimpleQuery = unit {
+ query: bytes &until=b"\x00";
+};
+
+# The client has requested SSL, the server either confirms (S) or
+# stays in plaintext (N) mode. Depending on the result, we connect
+# our sink to the SSL sink, or to a PlainBackendMessages unit.
+#
+type MaybeBackendSSL = unit(ctx: Context&) {
+
+ # Connected SSL, or plaintext.
+ sink s1;
+
+ ssl_byte: uint8 &requires=($$ == 'S' || $$ == 'N') {
+ # print "backend ssl_byte", $$;
+ if ($$ == 'S') {
+ ctx.ssl_backend_state = SSLBackendState::S;
+ if (!ctx.ssl_sink_connected) {
+ ctx.ssl_sink.connect(new SSLSink());
+ ctx.ssl_sink_connected = True;
+ }
+
+ # Share the SSL sink with the frontend.
+ self.s1 = ctx.ssl_sink;
+ } else {
+ ctx.ssl_backend_state = SSLBackendState::N;
+ self.s1.connect(new PlainBackendMessages());
+ }
+ }
+
+ # Now that s1 is connected, forward the rest of the connection to it.
+ : bytes &chunked &eod -> self.s1;
+};
+
+# Top-level entry for the server.
+public type BackendMessages = unit {
+ %context = Context;
+
+ var buffered: vector;
+ var s1_connected: bool;
+ sink s1;
+
+ # Buffer until the SSL frontend state was populated.
+ : bytes &chunked &eod {
+ if (!self.context().ssl_frontend_state) {
+ # print "backend buffering ", |$$|;
+ self.buffered.push_back($$);
+
+ if (|self.buffered| > MAX_BUFFERED)
+ throw "too many backend messages buffered";
+ } else {
+ # The ssl_frontend_state has been set. If The client requested SSL,
+ # connect to an SSLMaybe instance. If it did not, connect
+ # directly to PlainBackendMessages.
+ # print "backend", self.context(), |self.buffered|, self.s1, self.s1_connected;
+ if (!self.s1_connected) {
+
+ if (self.context().ssl_frontend_state == SSLFrontendState::Requested) {
+ self.s1.connect(new MaybeBackendSSL(self.context()));
+ } else {
+ self.s1.connect(new PlainBackendMessages());
+ }
+
+ self.s1_connected = True;
+
+ if (|self.buffered| > 0) {
+ for (b in self.buffered)
+ self.s1.write(b);
+ }
+ self.buffered.resize(0);
+ }
+
+ # print "backend writing to sink", $$, |self.s1|;
+ self.s1.write($$);
+ }
+ }
+};
+
+type PlainBackendMessages = unit {
+ : BackendMessage[];
+};
+
+type BackendMessage = unit {
+ typ: uint8;
+ length: uint32 &requires=(self.length >= 4);
+
+ switch (self.typ) {
+ 'K' -> backend_key_data: BackendKeyData;
+ 'E' -> error: ErrorResponse;
+ 'R' -> auth: AuthenticationRequest(self.length - 4);
+ 'S' -> parameter_status: ParameterStatus;
+ 'D' -> data_row: DataRow;
+ 'Z' -> ready_for_query: ReadyForQuery;
+ 'N' -> notice: NoticeResponse;
+ * -> not_implemented: NotImplemented(self.typ);
+ } &size=self.length - 4;
+};
+
+type ParameterStatus = unit {
+ name: /[-_\/A-Za-z0-9]+/ &requires=(|$$| > 0);
+ : uint8 &requires=($$ == 0);
+ value: /[\x20-\x7e]+/ &requires=(|$$| > 0);
+ : uint8 &requires=($$ == 0);
+};
+
+# Possible values are 'I' if idle (not in a transaction block);
+# 'T' if in a transaction block; or 'E' if in a failed transaction block
+# (queries will be rejected until block is ended).
+type ReadyForQuery = unit {
+ transaction_status: uint8 &requires=($$ == 'I' || $$ == 'T' || $$ == 'E');
+};
+
+type NoticeIdentifiedField = unit {
+ code: uint8;
+ value: bytes &until=b"\x00";
+};
+
+type NoticeResponse = unit {
+ : NoticeIdentifiedField[];
+ : skip b"\x00";
+};
+
+# Just for counting right now.
+type DataRow = unit {
+ column_values: uint16;
+ : skip bytes &eod;
+};
+
+# Fields with a 1 byte field as documented here:
+# https://www.postgresql.org/docs/current/protocol-error-fields.html
+type ErrorIdentifiedField = unit {
+ code: uint8;
+ value: bytes &until=b"\x00";
+};
+
+type ErrorResponse = unit {
+ : ErrorIdentifiedField[];
+ : skip b"\x00";
+};
+
+type AuthenticationRequest = unit(length: uint32) {
+ identifier: uint32 &requires=($$ <= 12) {
+ if (self.identifier == 0 && length != 4)
+ throw "AuthenticationOK with wrong length: %s" % length;
+ }
+
+ # There's more structure (GSS-API, SASL, cleartext), but for now
+ # just thread through the raw data.
+ data: bytes &eod;
+};
+
+type BackendKeyData = unit {
+ process_id: uint32;
+ secret_key: uint32;
+};
+
+type NotImplemented = unit(typ: uint8) {
+ chunk: bytes &eod;
+};
diff --git a/src/analyzer/protocol/postgresql/postgresql_zeek.spicy b/src/analyzer/protocol/postgresql/postgresql_zeek.spicy
new file mode 100644
index 0000000000..d6cb4425af
--- /dev/null
+++ b/src/analyzer/protocol/postgresql/postgresql_zeek.spicy
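Review bot: `StartupMessage` only lower-bounds its `length` (`&requires=(self.length >= 9)`), so a peer can announce a startup packet of up to 4 GiB and, as far as I can tell, the `&size` window on `parameters` then has the parser waiting on that many bytes for the life of the connection; PostgreSQL itself refuses startup packets larger than 10000 bytes (`MAX_STARTUP_PACKET_LENGTH`), so `length: uint32 &requires=(self.length >= 9 && self.length <= 10000);` would make the analyzer give up exactly where the server would. `FrontendMessage` and `BackendMessage` have the same shape with `length >= 4` only, and because `NotImplemented` and `DataRow` swallow their window with `bytes &eod`, it is worth confirming how much Spicy buffers for a `&size` window that never fills. Note also that `MAX_BUFFERED` counts chunks rather than bytes, so the early-buffering guard bounds the number of reassembled segments but not their total size; the comment on it should say so.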
@@ -0,0 +1,43 @@
+# Set up protocol confirmation/rejection for analyzers, as well as any further
+# Zeek-specific analysis.
+
+module PostgreSQL_Zeek;
+
+import PostgreSQL;
+import zeek;
+
+# If we see a client StartupMessage, that's pretty good.
+on PostgreSQL::StartupMessage::%done {
+ zeek::confirm_protocol();
+}
+
+# If the server replied with an ssl_byte and we let it through,
+# that's also pretty good.
+on PostgreSQL::MaybeBackendSSL::ssl_byte {
+ zeek::confirm_protocol();
+}
+
+on PostgreSQL::SSLSink::%init {
+ zeek::protocol_begin("SSL");
+}
+
+on PostgreSQL::SSLSink::%done {
+ zeek::protocol_end();
+}
+
+on PostgreSQL::SSLSink::chunk {
+ # print "ssl_chunk", zeek::is_orig(), self;
+ zeek::protocol_data_in(zeek::is_orig(), self.chunk);
+}
+
+on PostgreSQL::StartupMessage::%error(msg: string) {
+ zeek::reject_protocol("error while parsing PostgreSQL StartupMessage: %s" % msg);
+}
+
+on PostgreSQL::FrontendMessage::%error(msg: string) {
+ zeek::reject_protocol("error while parsing PostgreSQL: %s" % msg);
+}
+
+on PostgreSQL::BackendMessage::%error(msg: string) {
+ zeek::reject_protocol("error while parsing PostgreSQL: %s" % msg);
+}
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2
index 008e033114..aa3b0f8410 100644
--- a/testing/btest/Baseline/core.print-bpf-filters/output2
+++ b/testing/btest/Baseline/core.print-bpf-filters/output2
@@ -38,6 +38,7 @@
 2 53
 1 5353
 1 5355
+1 5432
 1 563
 1 585
 1 587
@@ -65,8 +66,8 @@
 1 992
 1 993
 1 995
-74 and
-73 or
-74 port
-46 tcp
+75 and
+74 or
+75 port
+47 tcp
 28 udp
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 07dc32da6d..01b7a84395 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
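Review bot: The `%error` hooks for `FrontendMessage` and `BackendMessage` emit the identical string `error while parsing PostgreSQL: %s`, so the resulting analyzer violation cannot be attributed to a direction without going back to the packets; `"error while parsing PostgreSQL FrontendMessage: %s" % msg` and `"error while parsing PostgreSQL BackendMessage: %s" % msg` would mirror the `StartupMessage` handler above them. The `confirm_protocol()` on `MaybeBackendSSL::ssl_byte` also rests on a single `S`/`N` byte; that is only acceptable because the unit is reached solely after the frontend's 8-byte SSLRequest magic was seen, and the comment `that's also pretty good` should say so explicitly.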
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -435,6 +435,10 @@ scripts/base/init-default.zeek scripts/base/protocols/ntp/main.zeek scripts/base/protocols/ntp/consts.zeek scripts/base/protocols/pop3/__load__.zeek + scripts/base/protocols/postgresql/__load__.zeek + scripts/base/protocols/postgresql/consts.zeek + scripts/base/protocols/postgresql/spicy-events.zeek + scripts/base/protocols/postgresql/main.zeek scripts/base/protocols/quic/__load__.zeek scripts/base/protocols/quic/spicy-events.zeek scripts/base/protocols/quic/consts.zeek diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out index ad46a67218..942ef6e082 100644 --- a/testing/btest/Baseline/coverage.find-bro-logs/out +++ b/testing/btest/Baseline/coverage.find-bro-logs/out @@ -41,6 +41,7 @@ ocsp openflow packet_filter pe +postgresql print_log_path quic radius diff --git a/testing/btest/Baseline/coverage.record-fields/out.default b/testing/btest/Baseline/coverage.record-fields/out.default index 25aec2b3c8..21b8fde5b3 100644 --- a/testing/btest/Baseline/coverage.record-fields/out.default +++ b/testing/btest/Baseline/coverage.record-fields/out.default 
@@ -509,6 +509,35 @@ connection { * size: count, log=F, optional=F * state: count, log=F, optional=F } + * postgresql: record PostgreSQL::Info, log=F, optional=T + PostgreSQL::Info { + * application_name: string, log=T, optional=T + * backend: string, log=T, optional=T + * backend_arg: string, log=T, optional=T + * database: string, log=T, optional=T + * frontend: string, log=T, optional=T + * frontend_arg: string, log=T, optional=T + * id: record conn_id, log=T, optional=F + conn_id { ... } + * rows: count, log=T, optional=T + * success: bool, log=T, optional=T + * ts: time, log=T, optional=F + * uid: string, log=T, optional=F + * user: string, log=T, optional=T + } + * postgresql_state: record PostgreSQL::State, log=F, optional=T + PostgreSQL::State { + * application_name: string, log=F, optional=T + * database: string, log=F, optional=T + * errors: vector of string, log=F, optional=F + * rows: count, log=F, optional=T + * user: string, log=F, optional=T + * version: record PostgreSQL::Version, log=F, optional=T + PostgreSQL::Version { + * major: count, log=F, optional=F + * minor: count, log=F, optional=F + } + } * quic: record QUIC::Info, log=F, optional=T QUIC::Info { * client_initial_dcid: string, log=T, optional=T diff --git a/testing/btest/Baseline/scripts.base.files.x509.files/files.log b/testing/btest/Baseline/scripts.base.files.x509.files/files.log index ce19924fa1..e64dfc52c0 100644 --- a/testing/btest/Baseline/scripts.base.files.x509.files/files.log +++ b/testing/btest/Baseline/scripts.base.files.x509.files/files.log 
@@ -7,10 +7,10 @@ #open XXXX-XX-XX-XX-XX-XX #fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 #types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string string string string -XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 -XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d -XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 -XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 -XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 
a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d -XXXXXXXXXX.XXXXXX Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 X509,SHA256,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 +XXXXXXXXXX.XXXXXX FgN3AE3of2TRIqaeQe CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 +XXXXXXXXXX.XXXXXX Fv2Agc4z5boBOacQi6 CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d +XXXXXXXXXX.XXXXXX Ftmyeg2qgI2V38Dt3g CHhAvVGS1DHFjwGM9 192.168.4.149 60623 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 +XXXXXXXXXX.XXXXXX FUFNf84cduA0IJCp07 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-user-cert - 0.000000 F F 1859 - 0 0 F - 7af07aca6d5c6e8e87fe4bb34786edc0 548b9e03bc183d1cd39f93a37985cb3950f8f06f 6bacfa4536150ed996f2b0c05ab6e345a257225f449aeb9d2018ccd88f4ede43 +XXXXXXXXXX.XXXXXX F1H4bd2OKGbLPEdHm4 ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 1032 - 0 0 F - 9e4ac96474245129d9766700412a1f89 d83c1a7f4d0446bb2081b81a1670f8183451ca24 a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d +XXXXXXXXXX.XXXXXX 
Fgsbci2jxFXYMOHOhi ClEkJM2Vm5giqnMf4h 192.168.4.149 60624 74.125.239.129 443 SSL 0 SHA256,X509,SHA1,MD5 application/x-x509-ca-cert - 0.000000 F F 897 - 0 0 F - 2e7db2a31d0e3da4b25f49b9542a2e1a 7359755c6df9a0abc3060bce369564c8ec4542a3 3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/analyzer.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/analyzer.cut new file mode 100644 index 0000000000..2abd20b8b3 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/analyzer.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data +1673270800.189652 violation protocol POSTGRESQL CHhAvVGS1DHFjwGM9 - 127.0.0.1 54958 127.0.0.1 5432 error while parsing PostgreSQL: &requires failed: (self.length >= 4) (...) - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/conn.cut new file mode 100644 index 0000000000..fb9e1bb702 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-backend-message/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54958 127.0.0.1 5432 - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-startup-message/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-startup-message/conn.cut new file mode 100644 index 0000000000..d9e7067ced --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.bad-startup-message/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 54906 127.0.0.1 5432 - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.dump-events/output b/testing/btest/Baseline/scripts.base.protocols.postgresql.dump-events/output new file mode 100644 index 0000000000..aa8bd9f268 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.dump-events/output 
@@ -0,0 +1,483 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +XXXXXXXXXX.XXXXXX PostgreSQL::ssl_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=8, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 613.140106 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX analyzer_confirmation_info + [0] atype: AllAnalyzers::Tag = Analyzer::ANALYZER_POSTGRESQL + [1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0a\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}], f=, aid=3] + +XXXXXXXXXX.XXXXXX PostgreSQL::ssl_reply + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=8, state=4, num_pkts=3, num_bytes_ip=172, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 382.205963 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] data: string = N + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=], 
resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = user + [2] value: string = zeek + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = database + [2] value: string = zeek + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = application_name + [2] value: string = psql + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, 
service_violation={\x0a\x0a}] + [1] name: string = client_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_message + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=4, num_bytes_ip=224, flow_label=0, l2_addr=], resp=[size=1, state=4, num_pkts=3, num_bytes_ip=165, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 510.23674 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] major: count = 3 + [2] minor: count = 0 + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=5, num_bytes_ip=352, flow_label=0, l2_addr=], resp=[size=25, state=4, num_pkts=4, num_bytes_ip=217, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 738.019943 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 10 + [2] data: string = SCRAM-SHA-256\x00\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=139, state=4, num_pkts=6, num_bytes_ip=404, flow_label=0, l2_addr=], resp=[size=25, state=4, num_pkts=5, num_bytes_ip=293, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 98.031998 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] data: string = SCRAM-SHA-256\x00\x00\x00\x00 n,,n=,r=RDNGxQAy+XBG1FTcB1V4APAi + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, 
resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=139, state=4, num_pkts=7, num_bytes_ip=511, flow_label=0, l2_addr=], resp=[size=118, state=4, num_pkts=6, num_bytes_ip=345, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 646.156311 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 11 + [2] data: string = r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,s=+CteaSWwgyiphFuGGX5BiA==,i=4096 + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=8, num_bytes_ip=563, flow_label=0, l2_addr=], resp=[size=118, state=4, num_pkts=7, num_bytes_ip=490, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 935.058594 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] data: string = c=biws,r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,p=dyDbm15UroGE6wwsbEqiKmSYJNRf50RC/KK2ULYhR4M= + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 12 + [2] data: string = v=0jpq9fPJQZCGXFdlCjQTGro71zmbxS/ENeTsnR2nWp4= + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_ok + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, 
state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = application_name + [2] value: string = psql + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = client_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, 
inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = DateStyle + [2] value: string = ISO, MDY + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = default_transaction_read_only + [2] value: string = off + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = in_hot_standby + [2] value: string = off + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = integer_datetimes + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, 
orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = IntervalStyle + [2] value: string = postgres + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = is_superuser + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = server_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], 
start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = server_version + [2] value: string = 14.5 (Debian 14.5-1.pgdg110+1) + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = session_authorization + [2] value: string = zeek + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = standard_conforming_strings + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, 
service_violation={\x0a\x0a}] + [1] name: string = TimeZone + [2] value: string = Etc/UTC + +XXXXXXXXXX.XXXXXX PostgreSQL::backend_key_data + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] process_id: count = 96 + [2] secret_key: count = 590994220 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=9, num_bytes_ip=724, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=8, num_bytes_ip=542, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=24.0 msecs 738.073349 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=266, state=4, num_pkts=10, num_bytes_ip=776, flow_label=0, l2_addr=], resp=[size=583, state=4, num_pkts=9, num_bytes_ip=1059, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=25.0 msecs 581.121445 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] query: string = select now() + +XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, 
flow_label=0, l2_addr=], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] is_orig: bool = F + [2] typ: string = T + [3] chunk: string = \x00\x01now\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xa0\x00\x08\xff\xff\xff\xff\x00\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::data_row + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] column_values: count = 1 + +XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] is_orig: bool = F + [2] typ: string = C + [3] chunk: string = SELECT 1\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=266, state=4, num_pkts=11, num_bytes_ip=846, flow_label=0, l2_addr=], resp=[size=672, state=4, num_pkts=10, num_bytes_ip=1111, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=26.0 msecs 
796.102524 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::terminate + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=35336/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=271, state=4, num_pkts=12, num_bytes_ip=898, flow_label=0, l2_addr=], resp=[size=672, state=4, num_pkts=11, num_bytes_ip=1252, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=27.0 msecs 49.064636 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = user + [2] value: string = postgres + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = database + [2] value: string = postgres + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, 
state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = application_name + [2] value: string = psql + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_parameter + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = client_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX analyzer_confirmation_info + [0] atype: AllAnalyzers::Tag = Analyzer::ANALYZER_POSTGRESQL + [1] info: AnalyzerConfirmationInfo = [c=[id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0a\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}], f=, aid=3] + +XXXXXXXXXX.XXXXXX PostgreSQL::startup_message + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=294.923782 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShAD, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, 
inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] major: count = 3 + [2] minor: count = 0 + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=84, state=4, num_pkts=3, num_bytes_ip=248, flow_label=0, l2_addr=], resp=[size=24, state=4, num_pkts=2, num_bytes_ip=112, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=1.0 msec 885.890961 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 10 + [2] data: string = SCRAM-SHA-256\x00\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=139, state=4, num_pkts=4, num_bytes_ip=300, flow_label=0, l2_addr=], resp=[size=24, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=2.0 msecs 925.872803 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] data: string = SCRAM-SHA-256\x00\x00\x00\x00 n,,n=,r=TwGbAdrgxcvfe7FNe0iWJfSf + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=139, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=], resp=[size=117, state=4, num_pkts=3, num_bytes_ip=188, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=3.0 msecs 165.006638 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 11 + [2] data: string = r=TwGbAdrgxcvfe7FNe0iWJfSf3mBBWw9W0eciRd2Pkg2/HIB1,s=iKUi26lwqA6spIkddhe7hw==,i=4096 + +XXXXXXXXXX.XXXXXX 
PostgreSQL::authentication_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=5, num_bytes_ip=407, flow_label=0, l2_addr=], resp=[size=117, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=5.0 msecs 603.790283 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] data: string = c=biws,r=TwGbAdrgxcvfe7FNe0iWJfSf3mBBWw9W0eciRd2Pkg2/HIB1,p=Y0VuiVVs4GDpPeMPkQcE0ADRvkq3Njc1mpCIrK1m/1Q= + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_request + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] identifier: count = 12 + [2] data: string = v=na9OnyjI3MkvsAm3C8I8BoeiU4I6QL3HPaMCcLTOgfA= + +XXXXXXXXXX.XXXXXX PostgreSQL::authentication_ok + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, 
l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = in_hot_standby + [2] value: string = off + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = integer_datetimes + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = TimeZone + [2] value: string = Etc/UTC + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, 
inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = IntervalStyle + [2] value: string = postgres + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = is_superuser + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = application_name + [2] value: string = psql + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = default_transaction_read_only + [2] value: string = off + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, 
orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = scram_iterations + [2] value: string = 4096 + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = DateStyle + [2] value: string = ISO, MDY + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = standard_conforming_strings + [2] value: string = on + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], 
start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = session_authorization + [2] value: string = postgres + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = client_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] name: string = server_version + [2] value: string = 16.4 (Debian 16.4-1.pgdg120+1) + +XXXXXXXXXX.XXXXXX PostgreSQL::parameter_status + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, 
service_violation={\x0a\x0a}] + [1] name: string = server_encoding + [2] value: string = UTF8 + +XXXXXXXXXX.XXXXXX PostgreSQL::backend_key_data + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] process_id: count = 876 + [2] secret_key: count = 4268530428 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=248, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=4, num_bytes_ip=333, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 734.848022 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=6, num_bytes_ip=568, flow_label=0, l2_addr=], resp=[size=613, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=6.0 msecs 889.820099 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] query: string = DROP TABLE IF EXISTS t; + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, 
num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = S + [2] value: string = NOTICE + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = V + [2] value: string = NOTICE + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = C + [2] value: string = 00000 + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, 
history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = M + [2] value: string = table "t" does not exist, skipping + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = F + [2] value: string = tablecmds.c + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = L + [2] value: string = 1300 + +XXXXXXXXXX.XXXXXX PostgreSQL::notice_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = R + [2] value: string = DropErrorMsgNonExistent + 
+XXXXXXXXXX.XXXXXX PostgreSQL::notice_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] is_orig: bool = F + [2] typ: string = C + [3] chunk: string = DROP TABLE\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=277, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=5, num_bytes_ip=881, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 133.00705 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=339, state=4, num_pkts=7, num_bytes_ip=649, flow_label=0, l2_addr=], resp=[size=744, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=], 
start_time=XXXXXXXXXX.XXXXXX, duration=7.0 msecs 164.001465 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] query: string = CREATE TABLE IF NOT EXISTS t (i int, s varchar, t time); + +XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] is_orig: bool = F + [2] typ: string = C + [3] chunk: string = CREATE TABLE\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=339, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=], resp=[size=768, state=4, num_pkts=6, num_bytes_ip=1064, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 630.836487 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=8, num_bytes_ip=763, flow_label=0, l2_addr=], resp=[size=768, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 734.786987 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] query: string 
= INSERT INTO t VALUES (now(), now(), now()); + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = S + [2] value: string = ERROR + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = V + [2] value: string = ERROR + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = C + [2] value: string = 42804 + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, 
state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = M + [2] value: string = column "i" is of type integer but expression is of type timestamp with time zone + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = H + [2] value: string = You will need to rewrite or cast the expression. 
+ +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = P + [2] value: string = 23 + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = F + [2] value: string = parse_target.c + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = L + [2] value: string = 586 + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, 
flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = R + [2] value: string = transformAssignedExpr + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=388, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=7, num_bytes_ip=1140, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=20.0 msecs 999.908447 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=407, state=4, num_pkts=9, num_bytes_ip=864, flow_label=0, l2_addr=], resp=[size=981, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=21.0 msecs 95.991135 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] 
query: string = DROP TABLE t; + +XXXXXXXXXX.XXXXXX PostgreSQL::not_implemented + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] is_orig: bool = F + [2] typ: string = C + [3] chunk: string = DROP TABLE\x00 + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=407, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=], resp=[size=1003, state=4, num_pkts=8, num_bytes_ip=1405, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 515.939713 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::simple_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=10, num_bytes_ip=935, flow_label=0, l2_addr=], resp=[size=1003, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 620.843887 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] query: string = DROP TABLE t; + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, 
l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = S + [2] value: string = ERROR + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = V + [2] value: string = ERROR + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = C + [2] value: string = 42P01 + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, 
uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = M + [2] value: string = table "t" does not exist + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = F + [2] value: string = tablecmds.c + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = L + [2] value: string = 1294 + +XXXXXXXXXX.XXXXXX PostgreSQL::error_response_identified_field + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] code: string = R + [2] value: string = DropErrorMsgNonExistent + +XXXXXXXXXX.XXXXXX 
PostgreSQL::error_response + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1100, state=4, num_pkts=9, num_bytes_ip=1479, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 715.9729 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + +XXXXXXXXXX.XXXXXX PostgreSQL::ready_for_query + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=426, state=4, num_pkts=11, num_bytes_ip=1006, flow_label=0, l2_addr=], resp=[size=1106, state=4, num_pkts=10, num_bytes_ip=1628, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 727.893829 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + [1] transaction_status: string = I + +XXXXXXXXXX.XXXXXX PostgreSQL::terminate + [0] c: connection = [id=[orig_h=127.0.0.1, orig_p=56698/tcp, resp_h=127.0.0.1, resp_p=5432/tcp], orig=[size=431, state=4, num_pkts=12, num_bytes_ip=1058, flow_label=0, l2_addr=], resp=[size=1106, state=4, num_pkts=11, num_bytes_ip=1686, flow_label=0, l2_addr=], start_time=XXXXXXXXXX.XXXXXX, duration=23.0 msecs 757.93457 usecs, service={\x0aPOSTGRESQL\x0a}, history=ShADad, uid=CHhAvVGS1DHFjwGM9, tunnel=, vlan=, inner_vlan=, dpd=, dpd_state=, service_violation={\x0a\x0a}] + diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/analyzer.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/analyzer.cut new file mode 100644 index 0000000000..da70449a97 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/analyzer.cut 
@@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data +1362692526.939527 violation protocol POSTGRESQL CHhAvVGS1DHFjwGM9 - 141.142.228.5 59856 192.150.187.43 5432 unsupported PostgreSQL major version 12132 (...) GET /download/CHANGES.bro-aux.txt HTTP/1 diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/conn.cut new file mode 100644 index 0000000000..98dfde72b4 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.http-on-port-5432/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p history service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 141.142.228.5 59856 192.150.187.43 5432 ShADadFf - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/analyzer.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/analyzer.cut new file mode 100644 index 0000000000..25786b3609 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/analyzer.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data +1723562242.888659 violation protocol POSTGRESQL CHhAvVGS1DHFjwGM9 - 127.0.0.1 43330 127.0.0.1 5432 unsupported PostgreSQL major version 3490 (...) \xf4\x00\x00\x01\x0d\xa2\x1b\x18\x00\x00\x00@\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00root 
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/conn.cut new file mode 100644 index 0000000000..20f05381c4 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.mysql-on-port-5432/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p history service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 43330 127.0.0.1 5432 ShAdDaFf - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.parameter-status/output b/testing/btest/Baseline/scripts.base.protocols.postgresql.parameter-status/output new file mode 100644 index 0000000000..e7f454e9e5 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.parameter-status/output @@ -0,0 +1,14 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +parameter_status, ClEkJM2Vm5giqnMf4h, application_name, psql +parameter_status, ClEkJM2Vm5giqnMf4h, client_encoding, UTF8 +parameter_status, ClEkJM2Vm5giqnMf4h, DateStyle, ISO, MDY +parameter_status, ClEkJM2Vm5giqnMf4h, default_transaction_read_only, off +parameter_status, ClEkJM2Vm5giqnMf4h, in_hot_standby, off +parameter_status, ClEkJM2Vm5giqnMf4h, integer_datetimes, on +parameter_status, ClEkJM2Vm5giqnMf4h, IntervalStyle, postgres +parameter_status, ClEkJM2Vm5giqnMf4h, is_superuser, on +parameter_status, ClEkJM2Vm5giqnMf4h, server_encoding, UTF8 +parameter_status, ClEkJM2Vm5giqnMf4h, server_version, 14.5 (Debian 14.5-1.pgdg110+1) +parameter_status, ClEkJM2Vm5giqnMf4h, session_authorization, zeek +parameter_status, ClEkJM2Vm5giqnMf4h, standard_conforming_strings, on +parameter_status, ClEkJM2Vm5giqnMf4h, TimeZone, Etc/UTC 
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-auth/output b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-auth/output new file mode 100644 index 0000000000..610f2d5306 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-auth/output @@ -0,0 +1,7 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +authentication_request, CHhAvVGS1DHFjwGM9, 10, SCRAM-SHA-256\x00\x00 +authentication_response, CHhAvVGS1DHFjwGM9, SCRAM-SHA-256\x00\x00\x00\x00 n,,n=,r=RDNGxQAy+XBG1FTcB1V4APAi +authentication_request, CHhAvVGS1DHFjwGM9, 11, r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,s=+CteaSWwgyiphFuGGX5BiA==,i=4096 +authentication_response, CHhAvVGS1DHFjwGM9, c=biws,r=RDNGxQAy+XBG1FTcB1V4APAiQKfUt9glP8g5pxy9DbOPP7XP,p=dyDbm15UroGE6wwsbEqiKmSYJNRf50RC/KK2ULYhR4M= +authentication_request, CHhAvVGS1DHFjwGM9, 12, v=0jpq9fPJQZCGXFdlCjQTGro71zmbxS/ENeTsnR2nWp4= +authentication_ok, CHhAvVGS1DHFjwGM9 diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/conn.cut new file mode 100644 index 0000000000..4e4c694aea --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 15432 postgresql diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/postgresql.cut new file mode 100644 index 0000000000..597c86e52b --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable-15432/postgresql.cut @@ -0,0 +1,5 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 15432 zeek zeek psql startup - auth_ok MD5Password T - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 15432 zeek zeek psql simple_query select now() - - T 1 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 15432 zeek zeek psql terminate - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/conn.cut new file mode 100644 index 0000000000..2e73ad317b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 5432 postgresql diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/postgresql.cut new file mode 100644 index 0000000000..f042198d3e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-disable/postgresql.cut 
@@ -0,0 +1,5 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 5432 zeek zeek psql startup - auth_ok MD5Password T - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 5432 zeek zeek psql simple_query select now() - - T 1 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36060 52.200.36.167 5432 zeek zeek psql terminate - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/conn.cut new file mode 100644 index 0000000000..62a51c0bf1 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 15432 ssl,postgresql diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/postgresql.cut new file mode 100644 index 0000000000..82db165636 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/postgresql.cut 
@@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 15432 - - - ssl_request - ssl_reply S T - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/ssl.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/ssl.cut new file mode 100644 index 0000000000..3f0f7aaa8d --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require-15432/ssl.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 15432 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 database-1.cyx4x7yvdoay.us-east-1.rds.amazonaws.com diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/conn.cut new file mode 100644 index 0000000000..d5b92b5fe9 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 5432 ssl,postgresql 
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/postgresql.cut new file mode 100644 index 0000000000..016bae386b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/postgresql.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 5432 - - - ssl_request - ssl_reply S T - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/ssl.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/ssl.cut new file mode 100644 index 0000000000..03afaeae6f --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-aws-ssl-require/ssl.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.123.132 36934 52.200.36.167 5432 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 database-1.cyx4x7yvdoay.us-east-1.rds.amazonaws.com diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/conn.cut new file mode 100644 index 0000000000..3f0dca0291 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/conn.cut 
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgresql
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/postgresql.cut
new file mode 100644
index 0000000000..2dd0f35f01
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-create-insert-select/postgresql.cut
@@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql startup - auth_ok SASL,SASLContinue,SASLFinal T - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE IF EXISTS t; - SeverityLocalized=NOTICE,Severity=NOTICE,Code=00000,Message=table "t" does not exist, skipping,File=tablecmds.c,Line=1300,Routine=DropErrorMsgNonExistent T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query CREATE TABLE IF NOT EXISTS t (i int, s varchar, t time); - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query INSERT INTO t VALUES (42, 'forty-two', now()); - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query INSERT INTO t VALUES (86, 'eighty-six', now()); - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query SELECT * from t; - - T 2 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query DELETE FROM t; - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE t; - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 40190 127.0.0.1 5432 postgres postgres psql terminate - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/conn.cut new file mode 100644 index 0000000000..ac1fcb70a9 --- /dev/null 
+++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/conn.cut
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgresql
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/postgresql.cut
new file mode 100644
index 0000000000..2655631373
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/postgresql.cut
@@ -0,0 +1,9 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql startup - auth_ok SASL,SASLContinue,SASLFinal T - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE IF EXISTS t; - SeverityLocalized=NOTICE,Severity=NOTICE,Code=00000,Message=table "t" does not exist, skipping,File=tablecmds.c,Line=1300,Routine=DropErrorMsgNonExistent T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query CREATE TABLE IF NOT EXISTS t (i int, s varchar, t time); - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query INSERT INTO t VALUES (now(), now(), now()); error SeverityLocalized=ERROR,Severity=ERROR,Code=42804,Message=column "i" is of type integer but expression is of type timestamp with time zone,Hint=You will need to rewrite or cast the expression.,Position=23,File=parse_target.c,Line=586,Routine=transformAssignedExpr F - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE t; - - T 0 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE t; error SeverityLocalized=ERROR,Severity=ERROR,Code=42P01,Message=table "t" does not exist,File=tablecmds.c,Line=1294,Routine=DropErrorMsgNonExistent F - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql terminate - - - - - 
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/conn.cut new file mode 100644 index 0000000000..d665ddf487 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51732 127.0.0.1 5432 postgresql diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/postgresql.cut new file mode 100644 index 0000000000..a53fd4fec6 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-fail/postgresql.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51732 127.0.0.1 5432 postgres postgres psql startup - auth_request,auth_request,error SASL,SASLContinue,SeverityLocalized=FATAL,Severity=FATAL,Code=28P01,Message=password authentication failed for user "postgres",File=auth.c,Line=323,Routine=auth_failed F - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/conn.cut new file mode 100644 index 0000000000..785a35936e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/conn.cut 
@@ -0,0 +1,4 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 37268 127.0.0.1 5432 postgresql +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 37272 127.0.0.1 5432 postgresql diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/postgresql.cut new file mode 100644 index 0000000000..5f03cd4e59 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-login-no-sslrequest/postgresql.cut @@ -0,0 +1,5 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 37272 127.0.0.1 5432 zeek zeek psql startup - auth_ok SASL,SASLContinue,SASLFinal T - +XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 127.0.0.1 37272 127.0.0.1 5432 zeek zeek psql terminate - - - - - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 37268 127.0.0.1 5432 zeek zeek psql startup - auth_request SASL - - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/conn.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/conn.cut new file mode 100644 index 0000000000..670096f2e5 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/conn.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p service +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 postgresql 
diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/postgresql.cut b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/postgresql.cut new file mode 100644 index 0000000000..377f2a534b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.psql-select-now/postgresql.cut @@ -0,0 +1,6 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 - - - ssl_request - ssl_reply N F - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql startup - auth_ok SASL,SASLContinue,SASLFinal T - +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql simple_query select now() - - T 1 +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35336 127.0.0.1 5432 zeek zeek psql terminate - - - - - diff --git a/testing/btest/Baseline/scripts.base.protocols.postgresql.startup-parameter/output b/testing/btest/Baseline/scripts.base.protocols.postgresql.startup-parameter/output new file mode 100644 index 0000000000..308a07c4d1 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.postgresql.startup-parameter/output @@ -0,0 +1,9 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +startup_parameter, CHhAvVGS1DHFjwGM9, user, zeek +startup_parameter, CHhAvVGS1DHFjwGM9, database, zeek +startup_parameter, CHhAvVGS1DHFjwGM9, application_name, psql +startup_parameter, CHhAvVGS1DHFjwGM9, client_encoding, UTF8 +startup_parameter, ClEkJM2Vm5giqnMf4h, user, zeek +startup_parameter, ClEkJM2Vm5giqnMf4h, database, zeek +startup_parameter, ClEkJM2Vm5giqnMf4h, application_name, psql +startup_parameter, ClEkJM2Vm5giqnMf4h, client_encoding, UTF8 
diff --git a/testing/btest/Traces/postgresql/bad-backend-message-1.pcap b/testing/btest/Traces/postgresql/bad-backend-message-1.pcap
new file mode 100644
index 0000000000..1303a99d88
Binary files /dev/null and b/testing/btest/Traces/postgresql/bad-backend-message-1.pcap differ
diff --git a/testing/btest/Traces/postgresql/bad-startup-message-1.pcap b/testing/btest/Traces/postgresql/bad-startup-message-1.pcap
new file mode 100644
index 0000000000..2a61bf7820
Binary files /dev/null and b/testing/btest/Traces/postgresql/bad-startup-message-1.pcap differ
diff --git a/testing/btest/Traces/postgresql/http-on-port-5432.pcap b/testing/btest/Traces/postgresql/http-on-port-5432.pcap
new file mode 100644
index 0000000000..316b24e666
Binary files /dev/null and b/testing/btest/Traces/postgresql/http-on-port-5432.pcap differ
diff --git a/testing/btest/Traces/postgresql/mysql-on-port-5432.pcap b/testing/btest/Traces/postgresql/mysql-on-port-5432.pcap
new file mode 100644
index 0000000000..5d44e55f2d
Binary files /dev/null and b/testing/btest/Traces/postgresql/mysql-on-port-5432.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-aws-ssl-disable-15432.pcap b/testing/btest/Traces/postgresql/psql-aws-ssl-disable-15432.pcap
new file mode 100644
index 0000000000..051c542acd
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-aws-ssl-disable-15432.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-aws-ssl-disable.pcap b/testing/btest/Traces/postgresql/psql-aws-ssl-disable.pcap
new file mode 100644
index 0000000000..139c292dbf
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-aws-ssl-disable.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-aws-ssl-preferred.pcap b/testing/btest/Traces/postgresql/psql-aws-ssl-preferred.pcap
new file mode 100644
index 0000000000..3521c1b7b4
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-aws-ssl-preferred.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-aws-ssl-require-15432.pcap b/testing/btest/Traces/postgresql/psql-aws-ssl-require-15432.pcap
new file mode 100644
index 0000000000..ad7dcab4e0
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-aws-ssl-require-15432.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-aws-ssl-require.pcap b/testing/btest/Traces/postgresql/psql-aws-ssl-require.pcap
new file mode 100644
index 0000000000..4e2dd5b214
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-aws-ssl-require.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-create-insert-select-delete-drop.pcap b/testing/btest/Traces/postgresql/psql-create-insert-select-delete-drop.pcap
new file mode 100644
index 0000000000..7ebe574c09
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-create-insert-select-delete-drop.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-insert-fail-drop-fail.pcap b/testing/btest/Traces/postgresql/psql-insert-fail-drop-fail.pcap
new file mode 100644
index 0000000000..215b56d148
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-insert-fail-drop-fail.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-login-fail.pcap b/testing/btest/Traces/postgresql/psql-login-fail.pcap
new file mode 100644
index 0000000000..4d63a35b7d
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-login-fail.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-login-no-sslrequest.pcap b/testing/btest/Traces/postgresql/psql-login-no-sslrequest.pcap
new file mode 100644
index 0000000000..e25ca19515
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-login-no-sslrequest.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-login-wrong.pcap b/testing/btest/Traces/postgresql/psql-login-wrong.pcap
new file mode 100644
index 0000000000..aa16d73bdf
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-login-wrong.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-login.pcap b/testing/btest/Traces/postgresql/psql-login.pcap
new file mode 100644
index 0000000000..17f01a3635
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-login.pcap differ
diff --git a/testing/btest/Traces/postgresql/psql-select-now.pcap b/testing/btest/Traces/postgresql/psql-select-now.pcap
new file mode 100644
index 0000000000..991fc2f9e7
Binary files /dev/null and b/testing/btest/Traces/postgresql/psql-select-now.pcap differ
diff --git a/testing/btest/scripts/base/protocols/postgresql/availability.zeek b/testing/btest/scripts/base/protocols/postgresql/availability.zeek
new file mode 100644
index 0000000000..ed16b1e891
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/availability.zeek
@@ -0,0 +1,4 @@
+# @TEST-DOC: Check that the PostgreSQL analyzer is available.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -NN | grep -qi 'ANALYZER_POSTGRESQL'
diff --git a/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek b/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek
new file mode 100644
index 0000000000..574025bbe9
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/bad-backend-message.zeek
@@ -0,0 +1,13 @@
+# @TEST-DOC: Startup message triggering integer overflow
+
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/bad-backend-message-1.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < analyzer.log > analyzer.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut
+# @TEST-EXEC: test ! -f reporter.log
+
+@load base/protocols/conn
+@load base/protocols/postgresql
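Review bot: The `@TEST-DOC` of bad-backend-message.zeek reads `Startup message triggering integer overflow`, which is identical to the doc of bad-startup-message.zeek, yet this test replays bad-backend-message-1.pcap; the line looks copied and does not say which backend message the regression covers. Propose `# @TEST-DOC: Backend message triggering integer overflow` (adjusted to whatever the trace actually carries, which I cannot tell from the diff), so a future reader does not have to open the pcap to learn what the test guards. The `test ! -f reporter.log` assertion is the right guard here, since a parser fault on malformed input would surface as a reporter error rather than a baseline mismatch, and the sed canonifier keeps the build-specific path in analyzer.log's failure_data out of the baseline.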
diff --git a/testing/btest/scripts/base/protocols/postgresql/bad-startup-message.zeek b/testing/btest/scripts/base/protocols/postgresql/bad-startup-message.zeek
new file mode 100644
index 0000000000..118552b65f
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/bad-startup-message.zeek
@@ -0,0 +1,11 @@
+# @TEST-DOC: Startup message triggering integer overflow
+
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/bad-startup-message-1.pcap ${PACKAGE} %INPUT
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: test ! -f reporter.log
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/dump-events.zeek b/testing/btest/scripts/base/protocols/postgresql/dump-events.zeek
new file mode 100644
index 0000000000..07f07a951b
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/dump-events.zeek
@@ -0,0 +1,17 @@
+# @TEST-DOC: Test that misc/dump events works.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-select-now.pcap %INPUT >>output
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-insert-fail-drop-fail.pcap %INPUT >>output
+#
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/postgresql/spicy-events.zeek
+@load misc/dump-events
+
+redef DumpEvents::dump_all_events = T;
+redef DumpEvents::include=/^(PostgreSQL|analyzer_)/;
+
+event zeek_init() {
+ Analyzer::register_for_port(Analyzer::ANALYZER_POSTGRESQL, 5432/tcp);
+}
diff --git a/testing/btest/scripts/base/protocols/postgresql/http-on-port-5432.zeek b/testing/btest/scripts/base/protocols/postgresql/http-on-port-5432.zeek
new file mode 100644
index 0000000000..1e19888bf0
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/http-on-port-5432.zeek
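Review bot: `${PACKAGE}` on the zeek command line of bad-startup-message.zeek appears in none of the other tests in this series, and the script already brings the analyzer in with its own `@load` lines under `-b`, so it looks like a leftover from the standalone analyzer package's test suite; presumably btest leaves it undefined and it expands to nothing, which is why the test still passes. Propose `# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/bad-startup-message-1.pcap %INPUT`. Unlike its sibling bad-backend-message.zeek, this test also does not capture analyzer.log, so a change in how the malformed startup message is rejected would go unnoticed as long as it does not crash; adding the same `zeek-cut -m < analyzer.log > analyzer.cut` plus canonified `btest-diff analyzer.cut` pair would close that gap.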
@@ -0,0 +1,13 @@
+# @TEST-DOC: Test rejecting wrong protocol.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/http-on-port-5432.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p history service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < analyzer.log > analyzer.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut
+# @TEST-EXEC: test ! -f postgresql.log
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/mysql-on-port-5432.zeek b/testing/btest/scripts/base/protocols/postgresql/mysql-on-port-5432.zeek
new file mode 100644
index 0000000000..9f7bc52f33
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/mysql-on-port-5432.zeek
@@ -0,0 +1,13 @@
+# @TEST-DOC: Test rejecting wrong protocol.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/mysql-on-port-5432.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p history service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < analyzer.log > analyzer.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="sed -r 's,(.*) \(/[^\)]+\),\1 (...),'" btest-diff analyzer.cut
+# @TEST-EXEC: test ! -f postgresql.log
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/parameter-status.zeek b/testing/btest/scripts/base/protocols/postgresql/parameter-status.zeek
new file mode 100644
index 0000000000..fffb9c63b8
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/parameter-status.zeek
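Review bot: Both http-on-port-5432.zeek and mysql-on-port-5432.zeek redirect zeek's stdout with `%INPUT >output`, but no `@TEST-EXEC` line ever reads `output`, so anything printed during the run is discarded unchecked; either drop the redirect, as bad-backend-message.zeek does, or add `# @TEST-EXEC: btest-diff output` so unexpected output fails the test. The `@TEST-DOC` is the same generic sentence in both files; naming the foreign protocol (`Test rejecting HTTP on the PostgreSQL port.` / `Test rejecting MySQL on the PostgreSQL port.`) would make the two tests distinguishable in a test listing. The pairing of `test ! -f postgresql.log` with the canonified analyzer.log baseline is good: it pins both that no log row was emitted and the reason the analyzer gave up.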
@@ -0,0 +1,12 @@
+# @TEST-DOC: Test the parameter status event.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-login-no-sslrequest.pcap %INPUT >output
+#
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/postgresql
+
+event PostgreSQL::parameter_status(c: connection, name: string, value: string) {
+ print "parameter_status", c$uid, name, value;
+}
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-auth.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-auth.zeek
new file mode 100644
index 0000000000..d40d9bcc82
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-auth.zeek
@@ -0,0 +1,20 @@
+# @TEST-DOC: Test Zeek parsing a trace file through the PostgreSQL analyzer.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-select-now.pcap %INPUT >output
+#
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/postgresql
+
+event PostgreSQL::authentication_request(c: connection, identifier: count, data: string) {
+ print "authentication_request", c$uid, identifier, data;
+}
+
+event PostgreSQL::authentication_response(c: connection, data: string) {
+ print "authentication_response", c$uid, data;
+}
+
+event PostgreSQL::authentication_ok(c: connection) {
+ print "authentication_ok", c$uid;
+}
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable-15432.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable-15432.zeek
new file mode 100644
index 0000000000..ca28dd3654
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable-15432.zeek
@@ -0,0 +1,12 @@
+# @TEST-DOC: Test that the dpd.sig picks up a plaintext connection on a non-standard port.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-aws-ssl-disable-15432.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable.zeek
new file mode 100644
index 0000000000..c057c521b9
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-disable.zeek
@@ -0,0 +1,14 @@
+# @TEST-DOC: Test that SSLRequest is recognized and ssl.log exists
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-aws-ssl-disable.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+# @TEST-EXEC: test ! -f ssl.log
+
+@load base/protocols/conn
+@load base/protocols/postgresql
+@load base/protocols/ssl
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require-15432.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require-15432.zeek
new file mode 100644
index 0000000000..9bba902072
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require-15432.zeek
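Review bot: The `@TEST-DOC` of psql-aws-ssl-disable.zeek says the test checks that "ssl.log exists", but its final `@TEST-EXEC` asserts `test ! -f ssl.log`; the doc string appears copied from the ssl-require variant and contradicts the assertion, which will mislead whoever next touches the baseline. Suggest `# @TEST-DOC: Test that SSLRequest is recognized but, as TLS is not negotiated in this trace, no ssl.log is produced.` The trace content itself is inferred from the file name and the assertion, not visible here.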
@@ -0,0 +1,15 @@
+# @TEST-DOC: Test that the dpd.sig picks up the SSLRequest and server response on a non-standard port.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-aws-ssl-require-15432.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name < ssl.log > ssl.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff ssl.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
+@load base/protocols/ssl
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require.zeek
new file mode 100644
index 0000000000..ec2e4bda50
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-aws-ssl-require.zeek
@@ -0,0 +1,15 @@
+# @TEST-DOC: Test that SSLRequest is recognized and ssl.log exists
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-aws-ssl-require.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name < ssl.log > ssl.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff ssl.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
+@load base/protocols/ssl
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-create-insert-select.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-create-insert-select.zeek
new file mode 100644
index 0000000000..13bf673800
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-create-insert-select.zeek
@@ -0,0 +1,12 @@
+# @TEST-DOC: Trace with CREATE TABLE, INSERT, SELECT DELETE and DROP.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-create-insert-select-delete-drop.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-insert-fail-drop-fail.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-insert-fail-drop-fail.zeek
new file mode 100644
index 0000000000..b037213bc5
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-insert-fail-drop-fail.zeek
@@ -0,0 +1,12 @@
+# @TEST-DOC: Test Zeek parsing a trace file through the PostgreSQL analyzer.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-insert-fail-drop-fail.pcap ${PACKAGE} %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-login-fail.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-login-fail.zeek
new file mode 100644
index 0000000000..1ad7bf05a9
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-login-fail.zeek
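Review bot: The `@TEST-DOC` of psql-create-insert-select.zeek reads `SELECT DELETE and DROP`, missing the comma between the two statements, and the test file's name omits the DELETE and DROP steps that both the doc and the trace name (`psql-create-insert-select-delete-drop.pcap`) list. Suggest `# @TEST-DOC: Trace with CREATE TABLE, INSERT, SELECT, DELETE and DROP.`; renaming the test to match the trace would avoid the mismatch but is optional.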
@@ -0,0 +1,12 @@
+# @TEST-DOC: Test Zeek parsing a trace file through the PostgreSQL analyzer.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-login-fail.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-login-no-sslrequest.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-login-no-sslrequest.zeek
new file mode 100644
index 0000000000..7814304611
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-login-no-sslrequest.zeek
@@ -0,0 +1,12 @@
+# @TEST-DOC: The client does not start with SSLRequest. This pcap has two connections, attempting without password.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-login-no-sslrequest.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/psql-select-now.zeek b/testing/btest/scripts/base/protocols/postgresql/psql-select-now.zeek
new file mode 100644
index 0000000000..ce631c9825
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/psql-select-now.zeek
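Review bot: psql-login-fail.zeek reuses the generic `@TEST-DOC` ("Test Zeek parsing a trace file through the PostgreSQL analyzer.") that also heads psql-insert-fail-drop-fail.zeek, psql-auth.zeek and psql-select-now.zeek, so the doc does not say what distinguishes this case or what the baseline is expected to show. Since the file and trace names indicate a failed login, the doc should say so, e.g. `# @TEST-DOC: Failed login attempt; the server's error should be reflected in postgresql.log.` The exact failure mode is inferred from the name and should be confirmed against the trace.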
@@ -0,0 +1,12 @@
+# @TEST-DOC: Test Zeek parsing a trace file through the PostgreSQL analyzer.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-select-now.pcap %INPUT >output
+# @TEST-EXEC: zeek-cut -m ts uid id.orig_h id.orig_p id.resp_h id.resp_p service < conn.log > conn.cut
+# @TEST-EXEC: zeek-cut -m < postgresql.log > postgresql.cut
+#
+# @TEST-EXEC: btest-diff conn.cut
+# @TEST-EXEC: btest-diff postgresql.cut
+
+@load base/protocols/conn
+@load base/protocols/postgresql
diff --git a/testing/btest/scripts/base/protocols/postgresql/startup-parameter.zeek b/testing/btest/scripts/base/protocols/postgresql/startup-parameter.zeek
new file mode 100644
index 0000000000..77b23b45b7
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/postgresql/startup-parameter.zeek
@@ -0,0 +1,12 @@
+# @TEST-DOC: Event for name, value pairs in the startup message.
+#
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -b -Cr ${TRACES}/postgresql/psql-login-no-sslrequest.pcap %INPUT >output
+#
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/postgresql
+
+event PostgreSQL::startup_parameter(c: connection, name: string, value: string) {
+ print "startup_parameter", c$uid, name, value;
+}