Cisco FirePOWER Appliance 7110
FireSIGHT System User Guide
Chapter 45 Searching for Events
Stopping Long-Running Queries
License: Any
Supported Devices: Any Defense Center
System administrators can use a shell-based query management tool to locate and stop long-running queries.
Note: Leaving the search page in the web interface does not stop a query. Queries that take a long time to return results impact overall system performance while the query is running.
The query management tool allows you to locate queries running longer than a specified number of minutes and stop those queries. The tool logs an event to the audit log and to syslog when you stop a query.
Note that the only locally created user with shell access on Defense Centers is the admin user. If you use an external authentication object that grants shell access, users matching the shell access filter can also log in to the shell.
Usage:
    query_manager [-v] [-l [minutes]] [-k query_id [...]]
                  [--kill-all minutes]

Options:
    -h, --help
        Prints a brief help message.
    -l, --list [minutes]
        Lists all queries taking longer than passed in minutes. By
        default it will show all queries taking longer than 1 minute.
    -k, --kill query_id [...]
        Kills the query with the passed in id. The option can take
        multiple ids.
    --kill-all minutes
        Kills all queries taking longer than passed in minutes.
    -v, --verbose
        Verbose output including full SQL queries.
Caution: Shell access should be limited to system administrators.
Table 45-4 Port Syntax Examples

Example          Description
21               Returns all events on port 21, including TCP and UDP events.
!23              Returns all events except those on port 23.
25/tcp           Returns all TCP-related intrusion events on port 25.
21/tcp,25/tcp    Returns all TCP-related intrusion events on ports 21 and 25.
21-25            Returns all events on ports 21 through 25.
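
The port syntax in Table 45-4, expressed as a small Python matcher run over constructed sample events. This is an added example, not Cisco's code; it assumes that comma-separated terms are ORed, that "!" negates a single term, and that protocol names are case-insensitive.

```python
# Added illustration of the Table 45-4 port syntax; not Cisco's implementation.
# Assumptions: comma-separated terms are ORed, "!" negates one term,
# protocol names are case-insensitive.

def parse_term(term):
    """Parse one term such as '21', '!23', '25/tcp' or '21-25'."""
    term = term.strip()
    negate = term.startswith("!")
    if negate:
        term = term[1:]
    ports, slash, proto = term.partition("/")
    if slash and not proto:
        raise ValueError(f"missing protocol after '/': {term!r}")
    low, dash, high = ports.partition("-")
    if not low.isdigit() or (dash and not high.isdigit()):
        raise ValueError(f"bad port term: {term!r}")
    lo = int(low)
    hi = int(high) if dash else lo
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"port out of range: {term!r}")
    return negate, lo, hi, (proto.lower() or None)

def matches(expr, port, proto):
    """Return True if an event on port/proto satisfies the expression."""
    for term in expr.split(","):
        negate, lo, hi, want = parse_term(term)
        hit = lo <= port <= hi and (want is None or want == proto.lower())
        if hit != negate:  # a negated term matches when the plain term does not
            return True
    return False

# Constructed sample events: (port, protocol)
EVENTS = [(21, "tcp"), (21, "udp"), (23, "tcp"),
          (25, "tcp"), (25, "udp"), (80, "tcp")]

def select(expr, events=EVENTS):
    """Return the sample events that the expression selects."""
    return [e for e in events if matches(expr, *e)]

if __name__ == "__main__":
    for expr in ("21", "!23", "25/tcp", "21/tcp,25/tcp", "21-25"):
        print(f"{expr:15} -> {select(expr)}")
```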