Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Logtest] Enhance the output of Ruleset Test #4141

Merged
merged 2 commits into from May 11, 2022
Merged

[Logtest] Enhance the output of Ruleset Test #4141

merged 2 commits into from May 11, 2022

Conversation

Desvelao
Copy link
Member

@Desvelao Desvelao commented May 10, 2022
edited

Description

This PR enhances the output of the Ruleset Test utility by replicating the output of the wazuh-logtest utility.

Unique log:
image

Multiple logs:
image

Log no match a decoder:
image

Changes

  • Remove the logging of the specific fields
  • Replicate the output of the wazuh-logtest utility:
    • Add tabulations
    • Fix phase text
    • Wrap the values in single quotes
    • Displays the fields that are defined

Test

Go to Tools/Ruleset Test and check the next cases are working as expected:

  • Unique log that matches a decoder and rule

For example:

Jul 06 22:00:22 linux-agent sshd[29205]: Invalid user blimey from 1.3.1.3 port 48928
  • Multiple logs (match or not)

For example:

Jul 06 22:00:22 linux-agent sshd[29205]: Invalid user blimey from 1.3.1.3 port 48928
Jul 06 22:00:22 linux-agent custom[10215]: Invalid user custom_user from 0.0.0.0 port 48900
  • Log that doesn't match a decoder

For example:

custom Jul 06 22:00:22 linux-agent sshd[29205]: Invalid user blimey from 1.3.1.3 port 48928

The message No decoder matched. in phase 2 should appear.

  • Any other case that is not defined here.

@Desvelao
fix(logtest): Enhance the output of the Ruleset Test (wazuh-logtest)
0d48210 
  - Remove the logging of the specific fields
  - Replicate the output of the `wazuh-logtest` utility:
    - Add tabulations
    - Fix phase text
    - Wrap the values in single quotes
    - Displays the fields that are defined
@Desvelao Desvelao self-assigned this May 10, 2022
@Desvelao Desvelao linked an issue May 10, 2022 that may be closed by this pull request
[Logtest] Error displaying falsy values as not defined with - #4138
Closed
@Desvelao Desvelao added the 4.3 label May 10, 2022
@github-actions
Copy link
Contributor

Jest Test Coverage % values
Statements 4.04% ( 1478 / 36563 )
Branches 1.62% ( 461 / 28437 )
Functions 2.99% ( 267 / 8935 )
Lines 4.09% ( 1430 / 34958 )

@Desvelao Desvelao mentioned this pull request May 10, 2022
Closed
AlexRuiz7
AlexRuiz7 approved these changes May 10, 2022
View reviewed changes
Copy link
Member

@AlexRuiz7 AlexRuiz7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CR: Run prettier, otherwise OK.
Test: OK

yenienserrano
yenienserrano approved these changes May 11, 2022
View reviewed changes
Copy link
Member

@yenienserrano yenienserrano left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CR: ✔️
Test: ✔️

@AlexRuiz7 AlexRuiz7 merged commit 2d7eb7b into 4.3-7.10 May 11, 2022
@AlexRuiz7 AlexRuiz7 deleted the fix/4138-logtest-displays-falsy-values-as-not-defined branch May 11, 2022 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlexRuiz7 AlexRuiz7 AlexRuiz7 approved these changes

@yenienserrano yenienserrano yenienserrano approved these changes

Assignees

@Desvelao Desvelao

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Logtest] Error displaying falsy values as not defined with -
3 participants
@Desvelao @AlexRuiz7 @yenienserrano