Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

postgresql: Initial parser implementation

Browse source 
This adds a protocol parser for the PostgreSQL protocol and a new
postgresql.log similar to the existing mysql.log.

This should be considered preliminary and hopefully during 7.1 and 7.2
with feedback from the community, we can improve on the events and logs.
Even if most PostgreSQL communication is encrypted in the real-world, this
will minimally allow monitoring of the SSLRequest and hand off further
analysis to the SSL analyzer.

This originates from github.com/awelzel/spicy-postgresql, with lots of
polishing happening in the past two days.
This commit is contained in:
Arne Welzel 2024-09-04 16:59:30 +02:00
parent 2907d9feee
commit 85ca59484b
82 changed files with 1803 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

3
testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/conn.cut Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid id.orig_h id.orig_p id.resp_h id.resp_p service
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgresql

9
testing/btest/Baseline/scripts.base.protocols.postgresql.psql-insert-fail-drop-fail/postgresql.cut Normal file
View file

@ -0,0 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid id.orig_h id.orig_p id.resp_h id.resp_p user database application_name frontend frontend_arg backend backend_arg success rows
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql startup - auth_ok SASL,SASLContinue,SASLFinal T -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE IF EXISTS t; - SeverityLocalized=NOTICE,Severity=NOTICE,Code=00000,Message=table "t" does not exist, skipping,File=tablecmds.c,Line=1300,Routine=DropErrorMsgNonExistent T 0
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query CREATE TABLE IF NOT EXISTS t (i int, s varchar, t time); - - T 0
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query INSERT INTO t VALUES (now(), now(), now()); error SeverityLocalized=ERROR,Severity=ERROR,Code=42804,Message=column "i" is of type integer but expression is of type timestamp with time zone,Hint=You will need to rewrite or cast the expression.,Position=23,File=parse_target.c,Line=586,Routine=transformAssignedExpr F -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE t; - - T 0
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql simple_query DROP TABLE t; error SeverityLocalized=ERROR,Severity=ERROR,Code=42P01,Message=table "t" does not exist,File=tablecmds.c,Line=1294,Routine=DropErrorMsgNonExistent F -
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 56698 127.0.0.1 5432 postgres postgres psql terminate - - - - -