@ -2490,22 +2490,22 @@ Fields
Request Messages
Request Messages
~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~
Some of the possible request messages are:
Requests are sent by the frontend (client), which would be the source of a pgsql
flow. Some of the possible request messages are:
* "startup_message": message sent by a frontend/client process to start a new
* "startup_message": message sent to start a new PostgreSQL connection
PostgreSQL connection
* "password_message": if password output for PGSQL is enabled in suricata.yaml,
* "password_message": if password output for PGSQL is enabled in suricata.yaml,
carries the password sent during Authentication phase
carries the password sent during Authentication phase
* "simple_query": issued SQL command during simple query subprotocol. PostgreSQL
* "simple_query": issued SQL command during simple query subprotocol. PostgreSQL
identifies specific sets of commands that change the set of expected messages
identifies specific sets of commands that change the set of expected messages
to be exchanged as subprotocols.
to be exchanged as subprotocols.
* "message": frontend responses which do not have meaningful payloads are logged
like this, where the field value is the message type
* `` "message": "cancel_request" `` : sent after a query, when the frontend
* `` "message": "cancel_request" `` : sent after a query, when the frontend
attempts to cancel said query. This message is sent over a different port,
attempts to cancel said query. This message is sent over a different port,
thus bring shown as a different flow. It has no direct answer from the
thus bring shown as a different flow. It has no direct answer from the
backend, but if successful will lead to an `` ErrorResponse `` in the
backend, but if successful will lead to an `` ErrorResponse `` in the
transaction where the query was sent.
transaction where the query was sent.
* "message": requests which do not have meaningful payloads are logged like this,
where the field value is the message type
There are several different authentication messages possible, based on selected
There are several different authentication messages possible, based on selected
authentication method. (e.g. the SASL authentication will have a set of
authentication method. (e.g. the SASL authentication will have a set of
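Review bot: the generic "message" bullet now sits after the `` "message": "cancel_request" `` entry, which is an instance of it, so the reader meets the example value before the field is described; placing "requests which do not have meaningful payloads are logged like this" ahead of the cancel_request bullet would read more naturally. While this list is being touched, the unchanged cancel_request text still says "thus bring shown as a different flow", which should be "thus being shown as a different flow".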
@ -2514,7 +2514,8 @@ authentication messages different from when ``md5`` authentication is chosen).
Response Messages
Response Messages
~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~
Some of the possible request messages are:
Responses are sent by the backend (server), which would be the destination of a
pgsql flow. Some of the possible request messages are:
* "authentication_sasl_final": final SCRAM `` server-final-message `` , as explained
* "authentication_sasl_final": final SCRAM `` server-final-message `` , as explained
at https://www.postgresql.org/docs/14/sasl-authentication.html#SASL-SCRAM-SHA-256
at https://www.postgresql.org/docs/14/sasl-authentication.html#SASL-SCRAM-SHA-256
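Review bot: the new Response Messages intro still ends with "Some of the possible request messages are:", carried over from the line it replaces. Under this heading, and directly after "Responses are sent by the backend (server)", it should read "Some of the possible response messages are:".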