
List:       bro
Subject:    [Zeek] Re: PostgreSQL traffic analyzer script
From:       Johanna Amann via zeek <zeek () lists ! zeek ! org>
Date:       2020-09-02 18:09:01
Message-ID: 20200902180901.qtqrd6d3kb47xrvx () Ombey ! local

Hi,

> I know and use Zeek's ability to extract mysql commands, users, rows count
> and status from the network traffic. Is it possible to do the same for
> PostgreSQL? If not, how complicated do you think it would be for me to
> implement it?

You would have to implement a full parser for the PostgreSQL protocol,
using either Spicy or binpac.

Given the fact that the Postgres protocol is probably not the easiest -
that is probably a significant undertaking. On the plus side - it seems to
be rather well documented. But - if you have never done anything like that
before - I would assume at least a month of near full-time work.

I hope that helps - and sorry for the late answer,
 Johanna
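
Added example, not part of the original message and not Zeek, Spicy or binpac code: a Python sketch of the client-side framing such a parser has to handle (untyped startup-phase packets, then typed messages with a self-inclusive length), recovering the user, database and simple-query text. Assumptions: the names `parse_client_stream`, `build_sample` and `MAX_LEN` are hypothetical, the sample bytes are constructed, and the server is assumed to have declined the SSLRequest so the rest of the stream is cleartext.

```python
import struct

SSL_REQUEST = 80877103  # request code sent in place of a protocol version
PROTO_V3 = 196608       # protocol 3.0, i.e. (3 << 16) | 0
MAX_LEN = 1 << 20       # assumed cap so a bogus length cannot force unbounded buffering

def parse_client_stream(data, started=False):
    """Parse client-to-server bytes; returns (events, leftover, started)."""
    events, pos = [], 0
    while True:
        # Startup-phase packets have no type byte; later messages have one.
        hdr, min_len = (1, 4) if started else (0, 8)
        if len(data) - pos < hdr + 4:
            break
        (length,) = struct.unpack_from("!I", data, pos + hdr)
        if not min_len <= length <= MAX_LEN:
            raise ValueError("implausible length field")
        if len(data) - pos < hdr + length:
            break  # message continues in a later segment
        mtype = data[pos:pos + hdr]
        body = data[pos + hdr + 4:pos + hdr + length]
        pos += hdr + length
        if not started:
            (code,) = struct.unpack_from("!I", body)
            if code == PROTO_V3:
                # Parameters are name\0value\0 pairs closed by one extra \0.
                f = body[4:].decode(errors="replace").split("\x00")
                params = {k: v for k, v in zip(f[0::2], f[1::2]) if k}
                events.append(("startup", params))
                started = True
            else:
                events.append(("ssl_request" if code == SSL_REQUEST else "other_startup", None))
        elif mtype == b"Q":  # simple query: one NUL-terminated SQL string
            events.append(("query", body.rstrip(b"\x00").decode(errors="replace")))
        else:
            events.append(("terminate" if mtype == b"X" else "other", None))
    return events, data[pos:], started

def build_sample():
    """Constructed client bytes: SSLRequest, StartupMessage, Query, Terminate."""
    params = b"user\x00alice\x00database\x00shop\x00\x00"
    startup = struct.pack("!II", len(params) + 8, PROTO_V3) + params
    query = b"SELECT 1;\x00"
    return (struct.pack("!II", 8, SSL_REQUEST) + startup
            + b"Q" + struct.pack("!I", len(query) + 4) + query
            + b"X" + struct.pack("!I", 4))
```

This covers only a small part of the client side; the extended query messages, authentication exchange and all server responses (row counts, status) are not handled.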
