Kaspersky Endpoint Security 12 for Linux

Using filters to limit results of queries

July 22, 2024

ID 264094

A filter allows you to limit the query results when executing application management commands.

Filter conditions are specified using one or more logical expressions, which are combined using the logical operator and. Filter conditions must be enclosed in quotation marks:

"<field> <comparison operator> '<value>'"

"<field> <comparison operator> '<value>' and <field> <comparison operator> '<value>'"

where:

  • <field> is the name of the field for the database.
  • <comparison operator> is one of the following comparison operators:
    • > is "greater than"
    • < is "less than"
    • like matches the specified value. When specifying a value, you can use % masks: for example, the logical expression "FileName like '%etc%'" sets the limitation "contains the text 'etc' in the FileName field".
    • == is "equal to"
    • != is "not equal to"
    • >= is "greater than or equal to"
    • <= is "less than or equal to"
  • <value> is the value of the field. The value must be enclosed in single quotation marks (').

    You can specify a date value in UNIX time (the number of seconds that have elapsed since 00:00:00 (UTC), January 1, 1970) or in YYYY-MM-DD hh:mm:ss format. The user specifies the date and time in the user's local time zone, and the application displays them in the same time zone.

You can use a filter in the following application management commands:

  • Display information about certain current events of the application:

    kesl-control -W --query "<filter conditions>"

  • Display information about certain application events in the event log:

    kesl-control -E --query "<filter conditions>"

  • Display information about certain objects in the Backup:

    kesl-control -B --query "<filter conditions>"

  • Delete certain objects from the Backup:

    kesl-control -B --mass-remove --query "<filter conditions>"

    Examples:

    Get information about events that contain the text "etc" in the FileName field:

    kesl-control -E --query "FileName like '%etc%'"

    Display information about events with the ThreatDetected type:

    kesl-control -E --query "EventType == 'ThreatDetected'"

    Display information about events with the ThreatDetected type, created by tasks of the ODS type:

    kesl-control -E --query "EventType == 'ThreatDetected' and TaskType == 'ODS'"

    Get information about the events generated after a date specified as a UNIX timestamp (the number of seconds that have elapsed since 00:00:00 (UTC), 1 January 1970):

    kesl-control -E --query "Date > '1583425000'"

    Get information about the events generated after the date specified in YYYY-MM-DD hh:mm:ss format:

    kesl-control -E --query "Date > '2022-12-22 18:52:45'"

    Get information about files in the Backup storage that have the High severity level:

    kesl-control -B --query "DangerLevel == 'High'"
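    The filter grammar described above (one or more "<field> <operator> '<value>'" expressions joined by and, with % masks for like and date values in either UNIX time or YYYY-MM-DD hh:mm:ss local time) is small enough to check offline. The following is an added example, not Kaspersky's code and not part of kesl-control: a parser and evaluator for that grammar, run over a handful of constructed event records whose field names (FileName, EventType, TaskType, Date, DangerLevel) are taken from the page's examples. It assumes that Date is the only timestamp field, that like is case-sensitive and matches the whole value unless a % mask is used, and that any other field is compared as text; none of those details are stated on the page.

```python
import operator
import re
import time

# Assumption (not from the page): fields holding a timestamp. Their values are
# compared as UNIX seconds so both value formats the page allows can be used.
DATE_FIELDS = {"Date"}

# One logical expression: <field> <comparison operator> '<value>'.
# Multi-character operators come first so ">=" is not consumed as ">".
_EXPR = re.compile(
    r"\s*(?P<field>[A-Za-z_][A-Za-z0-9_]*)\s*"
    r"(?P<op>>=|<=|==|!=|>|<|like)\s*"
    r"'(?P<value>[^']*)'\s*"
)
# 'and' is the only conjunction in the grammar and must be a whole word.
_AND = re.compile(r"and(?=\s|$)")

_CMP = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
        "<": operator.lt, ">=": operator.ge, "<=": operator.le}


def to_epoch(value):
    """Convert a date value to UNIX seconds: an int, a string of digits, or
    'YYYY-MM-DD hh:mm:ss' interpreted in the local time zone, as the page says."""
    if isinstance(value, (int, float)):
        return int(value)
    value = value.strip()
    if value.isdigit():
        return int(value)
    return int(time.mktime(time.strptime(value, "%Y-%m-%d %H:%M:%S")))


def parse_filter(filter_conditions):
    """Parse a filter string into (field, operator, value) triples.
    Raises ValueError for anything the page's grammar does not allow
    (unquoted values, unknown operators, 'or', a dangling 'and')."""
    exprs, pos, text = [], 0, filter_conditions
    while True:
        m = _EXPR.match(text, pos)
        if m is None:
            raise ValueError(
                f"expected <field> <operator> '<value>' at offset {pos}: {text[pos:]!r}")
        exprs.append((m.group("field"), m.group("op"), m.group("value")))
        pos = m.end()
        if pos == len(text):
            return exprs
        m_and = _AND.match(text, pos)
        if m_and is None:
            raise ValueError(
                f"expected 'and' or end of filter at offset {pos}: {text[pos:]!r}")
        pos = m_and.end()


def _like(value, pattern):
    """'like' with % masks: each % matches any run of characters, the rest is
    literal, and the whole value must match (assumed semantics)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("%"))
    return re.fullmatch(regex, value, re.DOTALL) is not None


def _compare(field, op, record_value, filter_value):
    if op == "like":
        return _like(str(record_value), filter_value)
    if field in DATE_FIELDS:
        left, right = to_epoch(record_value), to_epoch(filter_value)
    else:
        left, right = str(record_value), filter_value
    return _CMP[op](left, right)


def apply_filter(filter_conditions, records):
    """Return the records for which every expression of the filter holds.
    A record lacking a referenced field never matches."""
    exprs = parse_filter(filter_conditions)
    return [r for r in records
            if all(f in r and _compare(f, op, r[f], v) for f, op, v in exprs)]


# Constructed sample records (not real kesl-control output).
SAMPLE_EVENTS = [
    {"EventType": "ThreatDetected", "TaskType": "ODS", "DangerLevel": "High",
     "FileName": "/etc/cron.d/sample", "Date": 1583426000},
    {"EventType": "ThreatDetected", "TaskType": "OAS", "DangerLevel": "High",
     "FileName": "/home/user/download.bin", "Date": 1583424000},
    {"EventType": "ObjectProcessed", "TaskType": "ODS", "DangerLevel": "Low",
     "FileName": "/etc/hosts", "Date": to_epoch("2022-12-22 18:53:45")},
]

if __name__ == "__main__":
    for query in ("FileName like '%etc%'",
                  "EventType == 'ThreatDetected' and TaskType == 'ODS'",
                  "Date > '2022-12-22 18:52:45'",
                  "DangerLevel == 'High'"):
        hits = apply_filter(query, SAMPLE_EVENTS)
        print(f"{query!r}: {[e['FileName'] for e in hits]}")
```

    The outer double quotes and inner single quotes in the page's examples are not interchangeable: the shell strips the double quotes, and the single quotes around each value are part of the filter syntax that kesl-control receives. A filter that fails parse_filter above would be rejected or misread by the application as well. The same evaluator is a useful dry run before kesl-control -B --mass-remove --query: a % mask that is wider than intended ("FileName like '%'" matches every object) removes everything it matches, so run the identical filter with kesl-control -B --query first and confirm the listed objects are the ones you mean.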
