Bug #25705

open

search on event log must also search on event type

Added by Nicolas CHARLES 2 months ago. Updated 20 days ago.

Status: Pending release
Priority: 2
Category: Web - Maintenance
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

If we plan to search on Node Modified event logs, there is no easy way to do that.
We can type "no" (lowercase), which would partially filter with what we want, but an extra character won't return anything.

SQL query generated by "node" is

  select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data  from ( select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data, UNNEST(xpath('string(//entry)',data))::text as filter from eventlog) as temp1   where   temp1.filter like ?  and  creationDate >= ? and creationDate <= ?   order by id DESC  offset ?  limit ?  
 arguments = [%node%, 2024-10-16 13:05:02.0, 2024-10-18 13:05:02.0, 0, 25]

typical entry is

 4024 | 2024-10-15 00:29:13.817+00 |      100 |         | c6ca13c7-7b06-489c-b61b-afb2323463b7 | rudder    |        | NodeModified | <entry><node changeType="modify" fileFormat="6"><id>736320a2-998b-45f2-9bad-864b01d48d88</id><properties><from/><to><property><name>cpu_vulnerabilities</name><value>{&quot;gather_data_sampling&quot;:{&quot;status&quot;:&quot;unknown&quot;},&quot;itlb_multihit&quot;:{&quot;status&quot;:&quot;not-affected&quot;},&quot;l1tf&quot;:{&quot;details&quot;:&quot;PTE Inversion; VMX: flush not necessary, SMT disabled&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;mds&quot;:{&quot;details&quot;:&quot;Clear CPU buffers; SMT Host state unknown&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;meltdown&quot;:{&quot;details&quot;:&quot;PTI&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;mmio_stale_data&quot;:{&quot;details&quot;:&quot;Clear CPU buffers attempted, no microcode; SMT Host state unknown&quot;,&quot;status&quot;:&quot;vulnerable&quot;},&quot;retbleed&quot;:{&quot;details&quot;:&quot;IBRS&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spec_store_bypass&quot;:{&quot;details&quot;:&quot;Speculative Store Bypass disabled via prctl and seccomp&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spectre_v1&quot;:{&quot;details&quot;:&quot;usercopy/swapgs barriers and __user pointer sanitization&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spectre_v2&quot;:{&quot;details&quot;:&quot;IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;srbds&quot;:{&quot;status&quot;:&quot;unknown&quot;},&quot;tsx_async_abort&quot;:{&quot;status&quot;:&quot;not-affected&quot;}}</value></property><property><name>reboot_required</name><value>false</value></property></to></properties></node></entry>

which unnests to

736320a2-998b-45f2-9bad-864b01d48d88cpu_vulnerabilities{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}reboot_requiredfalse

I would expect that it searches either by event type, and that it would find the detailed change
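The behaviour described in this report, reproduced as an added Python model (not Rudder's code and not the fix from the pull request): the filter only sees the text nodes returned by string(//entry), so neither the eventtype column nor XML attributes can match. The rows are constructed and shortened from the entry above, the second event type is hypothetical, and search_with_type is an assumed, case-insensitive version of the requested behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample rows; 4024 is shortened from the entry in the report,
# 4025 is a hypothetical second event type added for contrast.
ROWS = [
    {"id": 4024, "eventtype": "NodeModified",
     "data": '<entry><node changeType="modify" fileFormat="6">'
             '<id>736320a2-998b-45f2-9bad-864b01d48d88</id>'
             '<properties><from/><to>'
             '<property><name>srbds</name>'
             '<value>{&quot;status&quot;:&quot;unknown&quot;}</value></property>'
             '<property><name>reboot_required</name><value>false</value></property>'
             '</to></properties></node></entry>'},
    {"id": 4025, "eventtype": "UserLogin",
     "data": '<entry><login><userId>admin</userId></login></entry>'},
]


def xpath_string(data):
    """Same result as XPath string(//entry): text nodes concatenated,
    element names and attribute values dropped."""
    return "".join(ET.fromstring(data).itertext())


def search_current(rows, term):
    """Models `temp1.filter like '%term%'`: case-sensitive, text content only."""
    return [r["id"] for r in rows if term in xpath_string(r["data"])]


def search_with_type(rows, term):
    """Assumed requested behaviour: match the eventtype column as well as the
    entry text, ignoring case so that "node" finds NodeModified."""
    t = term.lower()
    return [r["id"] for r in rows
            if t in r["eventtype"].lower() or t in xpath_string(r["data"]).lower()]


if __name__ == "__main__":
    for term in ("no", "node", "modify"):
        print(term, search_current(ROWS, term), search_with_type(ROWS, term))
```

"no" matches today only because the property value contains "unknown"; "modify" shows that attribute values such as changeType are not searchable either.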

Actions #2

Updated by François ARMAND about 2 months ago

  • Subject changed from search on event log seems broken to search on event log must also search on event type
  • Priority changed from To review to 2
Actions #3

Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 8.1.8 to 8.1.9
Actions #4

Updated by Vincent MEMBRÉ 25 days ago

  • Target version changed from 8.1.9 to 8.1.10
Actions #5

Updated by Clark ANDRIANASOLO 24 days ago

  • Status changed from New to In progress
  • Assignee set to Clark ANDRIANASOLO
Actions #6

Updated by Clark ANDRIANASOLO 24 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/6055
Actions #7

Updated by Vincent MEMBRÉ 20 days ago

  • Target version changed from 8.1.10 to 8.1.11
Actions #8

Updated by Clark ANDRIANASOLO 20 days ago

  • Status changed from Pending technical review to Pending release