Creating / filtering delta reports

Hi. I’m trying to apply a filter to a delta report, but it seems to time out or otherwise fail.

Situation: There are two reports from one scan task that I want to compare and then only show results that are new in the last report or that occurred in the first report, but don’t appear in the last report anymore (marked with [+] and [-] in the result list).

The delta report is shown, but when I try to apply the filter “delta_states=ng first=1 rows=100 sort=name apply_overrides=1”, there’s no visible effect on the results list - number of results stays the same, there’s no blinking logo that indicates any activity. I can see one CPU core go to 100% with postgres, run at max load for some time and then return to a normal state, but the results display doesn’t change, which seems to point to some kind of timeout maybe?

The filter I try to apply also is not displayed as the “Applied filter” at the end of the results list on each page, this simply continues to show the default filter string. It also makes no difference if I enter the filter manually or as a stored filter.

There’s no entry in any of the log files in /var/log/gvmd/ during any of this.

Am I misunderstanding how this is supposed to work? If this is really some kind of timeout, is there a way to increase it?

Thanks,

Marc

Bonus question: If I configure a filter with filter expression delta_states=ng first=1 rows=300 sort=name and apply that to the result set of a delta report, entries with [=] and [~] are still shown, while the status line displays (Applied filter: apply_overrides=0 min_qod=70 delta_states=ng first=1 rows=300 sort=name). Why is the delta_states=ng not used?

GVM versions

gsad: Greenbone Security Assistant 22.08.0~git
gvmd: Greenbone Vulnerability Manager 23.1.0
openvas-scanner: OpenVAS 22.7.7
gvm-libs: gvm-libs 22.7.3

Environment

Operating system: Debian 6.5.6-1kali1 (2023-10-09) x86_64 GNU/Linux
Kernel: Linux gb-kali 6.5.0-kali3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.6-1kali1 (2023-10-09) x86_64 GNU/Linux
Installation method / source: apt-get

You can adjust the GSA web-interface timeout via the config file by setting the timeout variable.

As for the “bonus question”, I guess you are following the documentation about delta reports found here. As far as I know, the delta report uses the Linux diff command on the backend, with the input being the text files from the two reports. I’m not sure if that helps or not, but you may want to check how the diff command is handling the parsing of the two files.

Thanks @rippledj, that helped solve the timeout problem.

You’re right, I follow the steps in the docs to generate the delta report. I wasn’t aware diff is used for that; the spike in postgres CPU usage made me think it’s all done in SQL.

What I don’t understand is, if I enter a filter expression like severity>7 and delta_states=ng into the filter input box on the results page (which I understand to be a valid expression following the docs), the delta_results=ng is removed from the input field and not applied to the results. The filter input then shows severity>7 and (which works as intended) and the delta_results is ignored.

Is that a bug or am I doing something wrong?