base/protocols/postgresql/main.zeek

PostgreSQL

Implements base functionality for PostgreSQL analysis.

Namespace: PostgreSQL

Imports: base/protocols/conn/removal-hooks.zeek, base/protocols/postgresql/consts.zeek, base/protocols/postgresql/spicy-events.zeek

Summary

State Variables

PostgreSQL::ports: set &redef

Types

PostgreSQL::Info: record

Record type containing the column fields of the PostgreSQL log.

PostgreSQL::State: record

PostgreSQL::Version: record

Redefinitions

Log::ID: enum

Log stream identifier.

connection: record

New Fields: connection

postgresql: PostgreSQL::Info &optional

postgresql_state: PostgreSQL::State &optional

likely_server_ports: set &redef

Events

PostgreSQL::log_postgresql: event

Default hook into PostgreSQL logging.

Hooks

PostgreSQL::finalize_postgresql: Conn::RemovalHook

Detailed Interface

State Variables

PostgreSQL::ports
Type: set [port]

Attributes: &redef

Default:
{
   5432/tcp
}

Types

PostgreSQL::Info
Type: record

ts: time &log

Timestamp for when the activity happened.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

user: string &optional &log

The user as found in the StartupMessage.

database: string &optional &log

The database as found in the StartupMessage.

application_name: string &optional &log

The application name as found in the StartupMessage.

frontend: string &optional &log

frontend_arg: string &optional &log

backend: string &optional &log

backend_arg: string &optional &log

success: bool &optional &log

rows: count &optional &log

Record type containing the column fields of the PostgreSQL log.

PostgreSQL::State
Type: record

version: PostgreSQL::Version &optional

user: string &optional

database: string &optional

application_name: string &optional

rows: count &default = 0 &optional

errors: vector of string

PostgreSQL::Version
Type: record

major: count

minor: count

Events

PostgreSQL::log_postgresql
Type: event (rec: PostgreSQL::Info)

Default hook into PostgreSQL logging.

Hooks

PostgreSQL::finalize_postgresql
Type: Conn::RemovalHook