Correction to low warning events: single occurring event do not open in new window.

Hi Tom,

When there is a serie of events aggregated (example: 10 x TCP packet dropped):

- clicking on the event name will trigger a filter on this event name.
- clicking on the number before the events name will list all events aggregated.

When there is only one events (example: TCP packet dropped):

- clicking on the event will trigger a CSS popup from which there are two links:
- one to see the alert details
- the second, to add a filter on the event name

The problem is most probably that you are trying to open a non existing link (the CSS popup, instead of opening the popup, then activating the link) in a new Windows.

Could you confirm whether this is what is happening?

• Aggregated event, high severity (x2)
  - Clicking on the event name: No results are shown.
  - Clicking on the number before the event name: No results are shown. Removing filter on Classification column shows events

Above with severity low somewhat works. Clicking on event name shows just that event name with number beside it, from here event name doesn't link anymore, just the number.

• One event
  - Clicking on the event name, see alert details: Results are shown.
  - Clicking on the event name, add filter on the event name: No results are shown.

Tom Bicer wrote:

• Aggregated event, high severity (x2)
  - Clicking on the event name: No results are shown.
  - Clicking on the number before the event name: No results are shown. Removing filter on Classification column shows events

Above with severity low somewhat works. Clicking on event name shows just that event name with number beside it, from here event name doesn't link anymore, just the number.

• One event
  - Clicking on the event name, see alert details: Results are shown.
  - Clicking on the event name, add filter on the event name: No results are shown.

Filtering on classification.text seems broken for you. Could you please provides a screenshot of the empty view, after you click on the event name, with the inline filter box for classification open?

Regards,

Can't send screenshot, web server responsed with:

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your redMine administrator for assistance.

Tom Bicer wrote:

Can't send screenshot, web server responsed with:

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your redMine administrator for assistance.

Perhaps this may help. Changing filter condition on the event name to regular expression "~" works. However "=" on low warnings works just fine.

Could you please let us know what is the event name where this happened?
I suspect there might be some whitespace / escapping problem

Yoann Vandoorselaere wrote:

Could you please let us know what is the event name where this happened?
I suspect there might be some whitespace / escapping problem

Happens in all of them. Examples:
ET TROJAN Oficla Checkin (1)
SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt
ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source)

I'm unable to reproduce this issue, could you please provides your libprelude and libpreludedb version?
Additionally, would it be possible to access the Prewikka instance where this problem is occuring?