I know and use Zeek's ability to extract MySQL commands, users, row count
and status from the network traffic. Is it possible to do the same for
PostgreSQL? If not, how complicated do you think it would be for me to

You would have to implement a full parser for the PostgreSQL protocol,
using either Spicy or binpac.
Given the fact that the Postgres protocol is probably not the easiest -
that is probably a significant undertaking. On the plus side - it seems to
be rather well documented. But - if you have never done anything like that
before - I would assume at least a month of near full-time work.
I hope that helps - and sorry for the late answer,
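
For a sense of scale for the parser described in the reply above, this added example (not part of the thread, and not Zeek, Spicy or binpac code) decodes only the PostgreSQL 3.0 messages that carry the user, simple-query text, row count and error status. It assumes unencrypted traffic with each direction already reassembled, and it ignores SSLRequest negotiation, authentication and the extended query protocol; `summarize`, `messages`, `frame` and the sample bytes are constructed for illustration.

```python
import struct

def parse_startup(buf):
    # StartupMessage has no type byte: int32 length, int32 version, key\0value\0 ... \0
    length, version = struct.unpack_from("!II", buf, 0)
    if version != 196608:  # 3.0; SSLRequest/CancelRequest use other codes here
        raise ValueError("not a protocol 3.0 startup message")
    parts = buf[8:length].split(b"\x00")
    params = {k.decode(): v.decode() for k, v in zip(parts[0::2], parts[1::2]) if k}
    return params, buf[length:]

def messages(buf):
    # Typed message: 1-byte type, int32 length (counts itself, not the type), payload
    pos = 0
    while pos + 5 <= len(buf):
        (length,) = struct.unpack_from("!I", buf, pos + 1)
        end = pos + 1 + length
        if length < 4 or end > len(buf):
            break  # malformed or truncated; a real analyzer buffers across segments
        yield buf[pos:pos + 1], buf[pos + 5:end]
        pos = end

def summarize(client, server):
    params, rest = parse_startup(client)
    out = {"user": params.get("user"), "queries": [], "results": []}
    for mtype, payload in messages(rest):
        if mtype == b"Q":  # simple Query: SQL text, NUL-terminated
            out["queries"].append(payload.rstrip(b"\x00").decode())
    for mtype, payload in messages(server):
        if mtype == b"C":  # CommandComplete: tag such as "SELECT 3" or "INSERT 0 1"
            tag = payload.rstrip(b"\x00").decode()
            last = tag.rsplit(" ", 1)[-1]
            out["results"].append(("ok", tag, int(last) if last.isdigit() else None))
        elif mtype == b"E":  # ErrorResponse: (field-code byte + string\0)*, then \0
            f = {x[:1]: x[1:].decode() for x in payload.split(b"\x00") if x}
            out["results"].append(("error", f.get(b"C"), f.get(b"M")))
    return out

def frame(mtype, payload):  # helper used only to build the constructed sample
    return mtype + struct.pack("!I", len(payload) + 4) + payload

# Constructed sample streams (not captured traffic)
_p = b"user\x00alice\x00database\x00shop\x00\x00"
CLIENT = (struct.pack("!II", len(_p) + 8, 196608) + _p
          + frame(b"Q", b"SELECT * FROM orders\x00") + frame(b"Q", b"SELECT * FROM nope\x00"))
SERVER = (frame(b"C", b"SELECT 3\x00") + frame(b"Z", b"I")
          + frame(b"E", b'SERROR\x00C42P01\x00Mrelation "nope" does not exist\x00\x00') + frame(b"Z", b"I"))

if __name__ == "__main__":
    print(summarize(CLIENT, SERVER))
```

Pairing each query with its result, prepared statements, COPY, and buffering messages split across TCP segments are all outside this sketch.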