PostgreSQL traffic analyzer script

Hi,

I’m using Zeek for quite some time now and I must say that it is one of the best IDSs out there today. Thanks a lot for the hard work!!

I know and use Zeek’s ability to extract mysql commands, users, rows count and status from the network traffic. Is it possible to do the same for PostgreSQL? If not, how complicated do you think it would be for me to implement it?

Thanks in advance,
Yuval.

Hi,

> I know and use Zeek's ability to extract mysql commands, users, rows count
> and status from the network traffic. Is it possible to do the same for
> PostgreSQL? If not, how complicated do you think it would be for me to
> implement it?

You would have to implement a full parser for the PostgreSQL protocol,
using either Spicy or binpac.

Given the fact that the Postgres protocol is probably not the easiest -
that is probably a significant undertaking. On the plus side - it seems to
be rather well documented. But - if you have never done anything like that
before - I would assume at least a month of near full-time work.

I hope that helps - and sorry for the late answer,
Johanna
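To give a feel for what the parser Johanna describes has to handle, here is an added example that is not part of the original thread and is not Zeek, Spicy or binpac code: a small Python decoder for the PostgreSQL v3 wire format. It follows the message layouts from the PostgreSQL "Frontend/Backend Protocol" documentation (an untyped StartupMessage first, then typed messages of Byte1 type, Int32 length counting itself but not the type byte, then the body) and pulls out the same fields the MySQL analyzer logs: user, queries, row counts and error status. The session bytes are constructed by hand, not captured traffic, and the function names are this example's own.

```python
"""Decoder for PostgreSQL v3 wire-protocol framing (added example, constructed data)."""
import struct

PROTOCOL_V3 = 3 << 16          # 196608: major 3, minor 0
SSL_REQUEST = 80877103         # special "version" codes sent in StartupMessage position
CANCEL_REQUEST = 80877102


def cstring(payload, off=0):
    """Read a NUL-terminated string; return (text, offset just past the NUL)."""
    end = payload.index(b"\x00", off)
    return payload[off:end].decode("utf-8", "replace"), end + 1


def parse_startup(buf):
    """Parse the first frontend message (it has no type byte). Returns (msg, rest)."""
    if len(buf) < 8:
        raise ValueError("truncated startup header")
    length, code = struct.unpack("!II", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("bad startup length %d" % length)
    body, rest = buf[8:length], buf[length:]
    if code == SSL_REQUEST:
        return {"type": "SSLRequest"}, rest
    if code == CANCEL_REQUEST:
        return {"type": "CancelRequest"}, rest
    if code >> 16 != 3:
        raise ValueError("unsupported protocol %d.%d" % (code >> 16, code & 0xFFFF))
    params, off = {}, 0
    while off < len(body) and body[off] != 0:      # parameter list ends with an empty name
        name, off = cstring(body, off)
        value, off = cstring(body, off)
        params[name] = value
    return {"type": "StartupMessage", "params": params}, rest


def iter_messages(buf):
    """Yield (type, body) for each typed message; reject short or truncated frames."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 5:
            raise ValueError("truncated message header at %d" % off)
        mtype = chr(buf[off])
        (length,) = struct.unpack("!I", buf[off + 1:off + 5])
        end = off + 1 + length                     # length covers itself, not the type byte
        if length < 4 or end > len(buf):
            raise ValueError("bad length %d for %r at %d" % (length, mtype, off))
        yield mtype, buf[off + 5:end]
        off = end


def rows_from_tag(tag):
    """CommandComplete tag -> row count: "SELECT 3" -> 3, "INSERT 0 1" -> 1, "BEGIN" -> None."""
    parts = tag.split()
    return int(parts[-1]) if len(parts) > 1 and parts[-1].isdigit() else None


def decode_frontend(mtype, body):
    if mtype == "Q":                               # simple query: one NUL-terminated SQL string
        return {"type": "Query", "sql": cstring(body)[0]}
    if mtype == "P":                               # extended protocol Parse: name, then SQL
        name, off = cstring(body)
        return {"type": "Parse", "name": name, "sql": cstring(body, off)[0]}
    if mtype == "X":
        return {"type": "Terminate"}
    return {"type": mtype}


def decode_backend(mtype, body):
    if mtype == "R":                               # Authentication*: Int32 0 means AuthenticationOk
        return {"type": "Authentication", "ok": struct.unpack("!I", body[:4])[0] == 0}
    if mtype == "C":
        tag = cstring(body)[0]
        return {"type": "CommandComplete", "tag": tag, "rows": rows_from_tag(tag)}
    if mtype in ("E", "N"):                        # fields: code byte + string, list ends with NUL
        fields, off = {}, 0
        while body[off] != 0:
            value, nxt = cstring(body, off + 1)
            fields[chr(body[off])] = value
            off = nxt
        return {"type": "Error" if mtype == "E" else "Notice", "severity": fields.get("S"),
                "sqlstate": fields.get("C"), "message": fields.get("M")}
    if mtype == "Z":
        return {"type": "ReadyForQuery", "txn": chr(body[0])}   # I, T or E
    return {"type": mtype}


def summarize(client_bytes, server_bytes):
    """User, queries, row counts and error status: the fields the MySQL analyzer logs."""
    startup, rest = parse_startup(client_bytes)
    params = startup.get("params", {})
    queries = [m["sql"] for m in (decode_frontend(t, b) for t, b in iter_messages(rest))
               if "sql" in m]
    results = []
    for t, b in iter_messages(server_bytes):
        m = decode_backend(t, b)
        if m["type"] == "CommandComplete":
            results.append(("ok", m["rows"]))
        elif m["type"] == "Error":
            results.append(("error", m["sqlstate"]))
    return {"user": params.get("user"), "database": params.get("database"),
            "queries": queries, "results": results}


def frame(mtype, body):
    """Build one typed message (helper for the constructed sample below)."""
    return mtype.encode() + struct.pack("!I", len(body) + 4) + body


def sample_session():
    """Hand-built client and server byte streams, not a capture."""
    startup_body = struct.pack("!I", PROTOCOL_V3) + b"user\x00alice\x00database\x00app\x00\x00"
    client = (struct.pack("!I", len(startup_body) + 4) + startup_body
              + frame("Q", b"SELECT id FROM accounts WHERE owner = 'alice'\x00")
              + frame("Q", b"DROP TABLE audit\x00")
              + frame("X", b""))
    server = (frame("R", struct.pack("!I", 0)) + frame("Z", b"I")
              + frame("C", b"SELECT 3\x00") + frame("Z", b"I")
              + frame("E", b"SERROR\x00C42501\x00Mpermission denied for table audit\x00\x00")
              + frame("Z", b"I"))
    return client, server


if __name__ == "__main__":
    print(summarize(*sample_session()))
```

A Spicy or binpac grammar would express these same structures declaratively (a `length`-sized body per message, a switch on the type byte), and the awkward parts are the same ones this example has to special-case: the StartupMessage has no type byte, so the parser must know it is at the start of the connection; and if the client sends SSLRequest and the server answers with a single `S` byte, everything after that is TLS and the analyzer has to stop parsing rather than treat the ciphertext as messages.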