userguide/eve: explain pgsql requests & responses
Add a more visible explanation of what requests, responses, frontend and
backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
jufajardini authored and victorjulien committed Dec 15, 2023
1 parent 30ac77c commit bba3d4f
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions doc/userguide/output/eve/eve-json-format.rst
Expand Up @@ -2490,22 +2490,22 @@ Fields
Request Messages
~~~~~~~~~~~~~~~~

Some of the possible request messages are:
Requests are sent by the frontend (client), which would be the source of a pgsql
flow. Some of the possible request messages are:

* "startup_message": message sent by a frontend/client process to start a new
PostgreSQL connection
* "startup_message": message sent to start a new PostgreSQL connection
* "password_message": if password output for PGSQL is enabled in suricata.yaml,
carries the password sent during Authentication phase
* "simple_query": issued SQL command during simple query subprotocol. PostgreSQL
identifies specific sets of commands that change the set of expected messages
to be exchanged as subprotocols.
* "message": frontend responses which do not have meaningful payloads are logged
like this, where the field value is the message type
* ``"message": "cancel_request"``: sent after a query, when the frontend
attempts to cancel said query. This message is sent over a different port,
thus bring shown as a different flow. It has no direct answer from the
backend, but if successful will lead to an ``ErrorResponse`` in the
transaction where the query was sent.
* "message": requests which do not have meaningful payloads are logged like this,
where the field value is the message type

There are several different authentication messages possible, based on selected
authentication method. (e.g. the SASL authentication will have a set of
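
Review bot: The generic "message" bullet is re-added after the ``"message": "cancel_request"`` bullet, so the list now presents the special case before the rule it is an instance of. Consider keeping the generic bullet first, or nesting the cancel_request item under it. While this list is being touched, the unchanged cancel_request bullet still reads "thus bring shown as a different flow", which should be "being shown". The new intro also writes "pgsql" where the neighbouring bullets use "PGSQL" and "PostgreSQL"; one form for the protocol name would read more consistently.
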
Expand All @@ -2514,7 +2514,8 @@ authentication messages different from when ``md5`` authentication is chosen).
Response Messages
~~~~~~~~~~~~~~~~~

Some of the possible request messages are:
Responses are sent by the backend (server), which would be the destination of a
pgsql flow. Some of the possible request messages are:

* "authentication_sasl_final": final SCRAM ``server-final-message``, as explained
at https://www.postgresql.org/docs/14/sasl-authentication.html#SASL-SCRAM-SHA-256
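
Review bot: The new intro under "Response Messages" still ends with "Some of the possible request messages are:", carried over from the line it replaces; in this section it should say "response messages". Since the point of the change is to pin down which side sends what, "which would be the destination of a pgsql flow" could also be stated directly as "which is the destination", matching whatever wording is chosen for the request section.
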