filetype: regular
filename: eve.json
types:
- - pgsql
+ - pgsql:
+ passwords: false
app-layer:
protocols:
dest_port: 5432
event_type: pgsql
pcap_cnt: 29
+ not-has-key: pgsql.request.password
pgsql.response.message: authentication_ok
pgsql.response.parameter_status[0].application_name: psql
pgsql.response.parameter_status[10].time_zone: Etc/UTC
--- /dev/null
+# Description
+
+Tests that when PostgreSQL (pgsql) EVE log config is set to not log out password
+messages, it doesn't.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6092
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - pgsql:
+ enabled: yes
+ #passwords: no # enable output of passwords Default is false
+ - flow
+
+app-layer:
+ protocols:
+ pgsql:
+ enabled: yes
--- /dev/null
+requires:
+# Pgsql was released on version 7.0
+ min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+# subtest 1
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.11
+ dest_port: 5432
+ event_type: pgsql
+ pcap_cnt: 25
+ proto: TCP
+ src_ip: 10.16.1.10
+ src_port: 40816
+ pgsql.tx_id: 2
+ pgsql.request.protocol_version: '3.0'
+ pgsql.request.startup_parameters.optional_parameters[0].database: indexer
+ pgsql.request.startup_parameters.user: indexer
+ pgsql.response.authentication_md5_password: "\\x9fi\x1A\\x8e"
+# subtest 2
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.11
+ dest_port: 5432
+ event_type: pgsql
+ pcap_cnt: 29
+ pgsql.tx_id: 3
+ not-has-key: pgsql.request.password
+ pgsql.response.message: authentication_ok
+ pgsql.response.process_id: 61
+ pgsql.response.secret_key: 3152142766
--- /dev/null
+# Description
+
+Tests that when PostgreSQL (pgsql) EVE log config is set to log password
+messages, it does.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6092
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - pgsql:
+ enabled: yes
+ passwords: yes
+ - flow
+
+app-layer:
+ protocols:
+ pgsql:
+ enabled: yes
--- /dev/null
+requires:
+# Pgsql was released on version 7.0
+ min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.11
+ dest_port: 5432
+ event_type: pgsql
+ pcap_cnt: 29
+ has-key: pgsql.request.password
+ pgsql.response.message: authentication_ok
dest_ip: 100.96.199.113
dest_port: 5432
event_type: pgsql
+ not-has-key: pgsql.request.password
pgsql.response.message: authentication_ok
pgsql.response.parameter_status[0].application_name: psql
pgsql.response.process_id: 28954
event_type: pgsql
pcap_cnt: 12
pgsql.response.message: authentication_ok
+ not-has-key: pgsql.request.password
pgsql.response.parameter_status[0].application_name: psql
pgsql.response.parameter_status[10].time_zone: Europe/London
pgsql.response.parameter_status[1].client_encoding: UTF8