airbus-cyber / graylog-plugin-alert-wizard

Alert Wizard plugin for Graylog to manage the alert rules

Conditions wrongly reordered #74

Closed frantz45 closed 7 months ago

frantz45 commented 2 years ago
  1. Edit a rule
  2. Load a log to be able to test the rule
  3. Click on the Test button

The conditions' order will change, but only the values and the operator, not the field.

frantz45 commented 1 year ago

Same behavior when you delete a condition

c8y3 commented 7 months ago

I am not seeing the condition's order change. Is it still the case? There is indeed a problem when deleting a condition. It seems to always delete the last condition.

frantz45 commented 7 months ago

It seems the Test button doesn't work anymore. When I load a log it's automatically tested without my needing to click on the Test button, but if I change a condition or if I load another log, the Test button doesn't have any effect.

Yes, concerning the Delete button, it always deletes the last condition (I think it's a new bad behavior).

c8y3 commented 7 months ago

This code is trying to emulate the "Load message" behavior in rules editor of stream rules (StreamRulesEditor). But things have changed and it broke. Unfortunately, I feel it's not going to be a fast and easy fix :( I must go step by step. In any case, even the behavior of the "Load message" button in the StreamRulesEditor is somewhat strange: the first click to the button loads a message, the second stream checks this message against the rules and sets some colors...

c8y3 commented 7 months ago

The test button is supposed to check each condition against the loaded log and colour each condition accordingly (green/red)

c8y3 commented 7 months ago

Remove the test button on the creation page. Keep it on the edition page. It does not color lists conditions.

c8y3 commented 7 months ago

There is an additional difficulty about the test button I didn't foresee: if a condition was added, or modified, it is not possible to use the existing stream to test the conditions. Because the stream will not have been updated with the new conditions. So, if we want to have a test button, even in the edit page, we must create a temporary stream to test (which increases the complexity of the code).

On the other hand, in the Graylog stream rules editing page, the stream is updated as soon as a new rule is added.
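The two comments above describe what the Test button is meant to do (check each condition against the loaded log and colour it green or red) and why it cannot rely on the stored stream (the stream does not yet contain added or modified conditions). The following is an added illustration, not code from the plugin or from Graylog: it evaluates the condition list locally against the loaded message, so no stream (temporary or otherwise) is needed for the test, and it removes a condition by index rather than always dropping the last one. The `{field, operator, value}` condition shape, the operator names and the sample message are assumptions made for this example.

```javascript
// Added example (not the plugin's code). Evaluates alert-rule conditions
// against a loaded message entirely on the client, so the result does not
// depend on whether the backing stream has been updated.

// Assumed operator names; the real plugin may use different identifiers.
const OPERATORS = {
  match_exactly: (actual, expected) => String(actual) === String(expected),
  match_regular_expression: (actual, expected) =>
    new RegExp(expected).test(String(actual)),
  greater_than: (actual, expected) => Number(actual) > Number(expected),
  smaller_than: (actual, expected) => Number(actual) < Number(expected),
  field_presence: (actual) => actual !== undefined && actual !== null,
};

// Evaluate one condition. A missing field only satisfies nothing except an
// explicit presence check; an invalid regular expression is reported as an
// error rather than thrown, so one bad condition cannot break the whole test.
function evaluateCondition(condition, message) {
  const op = OPERATORS[condition.operator];
  if (!op) {
    return { matched: false, error: `unknown operator ${condition.operator}` };
  }
  const actual = message[condition.field];
  if (condition.operator !== 'field_presence' && actual === undefined) {
    return { matched: false, error: `field ${condition.field} not in message` };
  }
  try {
    return { matched: op(actual, condition.value) };
  } catch (e) {
    return { matched: false, error: e.message };
  }
}

// What the Test button should produce: one result per condition, in the
// original order, with the colour the editor would paint it.
function testConditions(conditions, message) {
  return conditions.map((condition, index) => {
    const result = evaluateCondition(condition, message);
    return {
      index,
      field: condition.field,
      matched: result.matched,
      colour: result.matched ? 'green' : 'red',
      error: result.error,
    };
  });
}

// Index-based removal that keeps the remaining conditions in order
// (the reported bug removed the last condition regardless of which
// one was clicked). Returns a new array; the input is not mutated.
function deleteCondition(conditions, index) {
  if (index < 0 || index >= conditions.length) {
    throw new RangeError(`no condition at index ${index}`);
  }
  return conditions.filter((_, i) => i !== index);
}

// Constructed sample input for a stand-alone run.
const SAMPLE_MESSAGE = { source: 'web-01', level: 3, message: 'GET /login 401' };
const SAMPLE_CONDITIONS = [
  { field: 'source', operator: 'match_exactly', value: 'web-01' },
  { field: 'level', operator: 'greater_than', value: '5' },
  { field: 'message', operator: 'match_regular_expression', value: '/login' },
  { field: 'user', operator: 'field_presence' },
];

console.log(testConditions(SAMPLE_CONDITIONS, SAMPLE_MESSAGE));
console.log(deleteCondition(SAMPLE_CONDITIONS, 1).map((c) => c.field));
```

Because evaluation happens against the loaded message itself, the Test button can be clicked again after editing a condition or loading another log and will reflect the current editor state, which is the behaviour the thread asks for.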

frantz45 commented 7 months ago

The issues about the conditions' wrong order and deletion have been fixed. New specific issue for the Test button. This issue can be closed.