Postgres proxy

The Postgres proxy filter decodes the wire protocol between a Postgres client (downstream) and a Postgres server (upstream). The decoded information is currently used only to produce Postgres level statistics like sessions, statements or transactions executed, among others. This current version does not decode SQL queries. Future versions may add more statistics and more advanced capabilities. When the Postgres filter detects that a session is encrypted, the messages are ignored and no decoding takes place. More information:

Attention

The postgres_proxy filter is experimental and is currently under active development. Capabilities will be expanded over time and the configuration structures are likely to change.

Warning

The postgreql_proxy filter was tested only with Postgres frontend/backend protocol version 3.0, which was introduced in Postgres 7.4. Earlier versions are thus not supported. Testing is limited anyway to not EOL-ed versions.

Configuration

The Postgres proxy filter should be chained with the TCP proxy as shown in the configuration example below:

filter_chains:
- filters:
  - name: envoy.filters.network.postgres_proxy
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.network.postgres_proxy.v3alpha.PostgresProxy
      stat_prefix: postgres
  - name: envoy.tcp_proxy
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
      stat_prefix: tcp
      cluster: postgres_cluster

Statistics

Every configured Postgres proxy filter has statistics rooted at postgres.<stat_prefix> with the following statistics:

Name

Type

Description

errors

Counter

Number of times the server replied with ERROR message

errors_error

Counter

Number of times the server replied with ERROR message with ERROR severity

errors_fatal

Counter

Number of times the server replied with ERROR message with FATAL severity

errors_panic

Counter

Number of times the server replied with ERROR message with PANIC severity

errors_unknown

Counter

Number of times the server replied with ERROR message but the decoder could not parse it

messages

Counter

Total number of messages processed by the filter

messages_backend

Counter

Total number of backend messages detected by the filter

messages_frontend

Counter

Number of frontend messages detected by the filter

messages_unknown

Counter

Number of times the filter successfully decoded a message but did not know what to do with it

sessions

Counter

Total number of successful logins

sessions_encrypted

Counter

Number of times the filter detected encrypted sessions

sessions_unencrypted

Counter

Number of messages indicating unencrypted successful login

statements

Counter

Total number of SQL statements

statements_delete

Counter

Number of DELETE statements

statements_insert

Counter

Number of INSERT statements

statements_select

Counter

Number of SELECT statements

statements_update

Counter

Number of UPDATE statements

statements_other

Counter

Number of statements other than DELETE, INSERT, SELECT or UPDATE

transactions

Counter

Total number of SQL transactions

transactions_commit

Counter

Number of COMMIT transactions

transactions_rollback

Counter

Number of ROLLBACK transactions

notices

Counter

Total number of NOTICE messages

notices_notice

Counter

Number of NOTICE messages with NOTICE subtype

notices_log

Counter

Number of NOTICE messages with LOG subtype

notices_warning

Counter

Number ofr NOTICE messags with WARNING severity

notices_debug

Counter

Number of NOTICE messages with DEBUG severity

notices_info

Counter

Number of NOTICE messages with INFO severity

notices_unknown

Counter

Number of NOTICE messages which could not be recognized