Bug #4261

Shorten events/search output in case of too long events

Added by Pavel Kácha 8 months ago. Updated 7 months ago.

Status:ClosedStart date:08/10/2018
Priority:NormalDue date:
Assignee:Jan Mach% Done:


Category:Development - GUI
Target version:2.1


If events to show are too big (lot of sources/targets), search output chokes.

Trim those lists (all lists, even Categories or whatever may get screwed up by sending clients) early in the process to not choke reading, processing, templating and client browser on it.

Related issues

Related to Mentat - Bug #4253: Handling of too big events New 08/09/2018

Associated revisions

Revision 246a2e75
Added by Jan Mach 7 months ago

Fix: Fixed the output on web interface in case there are too many sources/targets/ports in the IDEA message.

It was possible for the IDEA message to contain even hundreds of thousands of IP addresses or ports in in source/target subkeys. In this case the event search and show views were rendered unusable. It could take minutes to render the result page and the display was cluttered and unusable. This patch should fix that. (Redmine issue: #4261)

Revision 874063bd
Added by Jan Mach 7 months ago

Underlined the shortened output in event search and detail views to hint the tooltip.

When the output within the event search result table or event detail page gets shortened, user might not be aware that there is a tooltip with additional information. (Redmine issue: #4261)


#1 Updated by Pavel Kácha 8 months ago

  • Related to Bug #4253: Handling of too big events added

#2 Updated by Pavel Kácha 8 months ago

Note that Aug 7 labrea reporter got silenced (produces trimmed and split events), so look for older examples. (Maybe based on original Radko’s example https://mentat-hub.cesnet.cz/mentat/events/show/26aa5f45-1a36-4bf4-b1ee-f2d5e9e1c140).

#3 Updated by Radko Krkoš 8 months ago

Another related effect is overload of disk subsystem (sustained disk utilization of ~80%) somewhere during import chain when processing such large events, leaving very little room for other activities, severely degrading overall performance. This has to be investigated further as it is effectively a DoS vector and there is a real chance of such events appearing from aggregators in near future.

#4 Updated by Pavel Kácha 8 months ago

  • Related to Feature #4273: Consider/choose/implement different communication protocol added

#5 Updated by Pavel Kácha 8 months ago

  • Related to deleted (Feature #4273: Consider/choose/implement different communication protocol)

#6 Updated by Jan Mach 7 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

I think that with attached commit the issue should be resolved.

#7 Updated by Pavel Kácha 7 months ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF