Project

General

Profile

Bug #371

opening events in new window/tab

Added by Tom Bicer about 11 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
02/12/2010
Due date:
% Done:

100%

Resolution:

Description

Opening events in new window or tab is inconsistent.
Unable to open events occurring only once in new window, this applies to medium and high warnings.
Events occurring more than once open in new window but with out any information, this applies to medium and high warnings.
Events with low warning open in new window and with information related to the warning
Prelude console version 1.0.0rc3

Associated revisions

Revision 830ec9fb (diff)
Added by Yoann Vandoorselaere about 11 years ago

Fix inline filtering problem for event name with start/ending space

When performing an exact comparison of the filter input, do not strip
space from the start and the end of the input, since it happen that
some sensor put a space at the end of the string. Closes #371.

History

#1 Updated by Tom Bicer about 11 years ago

Correction to low warning events: single occurring event do not open in new window.

#2 Updated by Yoann VANDOORSELAERE about 11 years ago

Hi Tom,

When there is a serie of events aggregated (example: 10 x TCP packet dropped):

- clicking on the event name will trigger a filter on this event name.
- clicking on the number before the events name will list all events aggregated.

When there is only one events (example: TCP packet dropped):

- clicking on the event will trigger a CSS popup from which there are two links:
- one to see the alert details
- the second, to add a filter on the event name

The problem is most probably that you are trying to open a non existing link (the CSS popup, instead of opening the popup, then activating the link) in a new Windows.

Could you confirm whether this is what is happening?

#3 Updated by Tom Bicer about 11 years ago

  • Aggregated event, high severity (x2)
    - Clicking on the event name: No results are shown.
    - Clicking on the number before the event name: No results are shown. Removing filter on Classification column shows events

Above with severity low somewhat works. Clicking on event name shows just that event name with number beside it, from here event name doesn't link anymore, just the number.

  • One event
    - Clicking on the event name, see alert details: Results are shown.
    - Clicking on the event name, add filter on the event name: No results are shown.

#4 Updated by Yoann VANDOORSELAERE about 11 years ago

Tom Bicer wrote:

  • Aggregated event, high severity (x2)
    - Clicking on the event name: No results are shown.
    - Clicking on the number before the event name: No results are shown. Removing filter on Classification column shows events

Above with severity low somewhat works. Clicking on event name shows just that event name with number beside it, from here event name doesn't link anymore, just the number.

  • One event
    - Clicking on the event name, see alert details: Results are shown.
    - Clicking on the event name, add filter on the event name: No results are shown.

Filtering on classification.text seems broken for you. Could you please provides a screenshot of the empty view, after you click on the event name, with the inline filter box for classification open?

Regards,

#5 Updated by Tom Bicer about 11 years ago

Can't send screenshot, web server responsed with:

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your redMine administrator for assistance.

#6 Updated by Tom Bicer about 11 years ago

Tom Bicer wrote:

Can't send screenshot, web server responsed with:

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your redMine administrator for assistance.

Perhaps this may help. Changing filter condition on the event name to regular expression "~" works. However "=" on low warnings works just fine.

#7 Updated by Yoann VANDOORSELAERE about 11 years ago

Could you please let us know what is the event name where this happened?
I suspect there might be some whitespace / escapping problem

#8 Updated by Tom Bicer about 11 years ago

Yoann Vandoorselaere wrote:

Could you please let us know what is the event name where this happened?
I suspect there might be some whitespace / escapping problem

Happens in all of them. Examples:
ET TROJAN Oficla Checkin (1)
SQL Microsoft SQL Server 2000 Server hello buffer overflow attempt
ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source)

#9 Updated by Yoann VANDOORSELAERE about 11 years ago

I'm unable to reproduce this issue, could you please provides your libprelude and libpreludedb version?
Additionally, would it be possible to access the Prewikka instance where this problem is occuring?

#10 Updated by Anonymous about 11 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#11 Updated by Thomas ANDREJAK over 5 years ago

  • Status changed from Resolved to Closed
  • Target version changed from 109 to Prelude OSS 1.0.0

Also available in: Atom PDF