Running Queries

You can run queries from several points within Firewall.

To run queries directly, select 2. Run a Query from the Reporting menu (STRFW  > 41).

You can also run queries by entering 5 in the Opt field for the query in the Work with Queries screen (STRFW > 41 > 1) as shown in Creating and Running Queries.

The Run Firewall Query (RUNFWQRY) screen appears:

   ​       ​  ​      ​        Run Firewall Query (RUNFWQRY)       ​                  
 ​  ​       ​  ​                                                                    
 Type choices, press Enter.​                                                     
                                                                                
 Query  . . . . . . . . . . . . .​ >​ TESTJZ​       ​ Name, *SELECT                 
 Display last minutes . . . . . .​  ​ *BYTIME      ​ Number, *BYTIME               
 Starting date and time:         ​  ​              ​                               
   Starting date  . . . . . . . .​  ​ *CURRENT     ​ Date, *CURRENT, *YESTERDAY... 
   Starting time  . . . . . . . .​  ​ 000000       ​ Time                          
 Ending date and time:           ​  ​              ​                               
   Ending date  . . . . . . . . .​  ​ *CURRENT     ​ Date, *CURRENT, *YESTERDAY... 
   Ending time  . . . . . . . . .​  ​ 235959       ​ Time                          
 User* or '%GROUP'  . . . . . . .​  ​ *ALL                                        
 Run action after end of run  . .​  ​ *NO          ​ Name, *NO                     
 System to run for  . . . . . . .​  ​ *CURRENT     ​ Name, *CURRENT, *group, *ALL..
 Number of records to process . .​  ​ *NOMAX        Number, *NOMAX                
 Recalculate per current rules  .​  ​ *NO          ​ *YES, *DIFFONLY, *NO          
 Output . . . . . . . . . . . . .​ >​ *            ​ *, *PRINT, *PDF, *HTML..      
                                                                                
                                                                                
                                                                 ​        Bottom​ 
 F3=Exit   F4=Prompt   F5=Refresh   F10=Additional parameters   F12=Cancel      
 F13=How to use this display        F24=More keys                              ​ 
                                                                                

The screen includes the following fields. Depending on how and from where within Firewallyou are running the query, some fields may already be filled in with read-only values.

Query

The name of the query to run. If you have not yet created the query, you can do so from the Add Query screen, as shown in Adding and Modifying Queries.

To choose the query after this screen, set this field to the value *SELECT.

Display last minutes

To view activity in the immediate past, enter a number corresponding to the number of minutes that you would like to check. For example, to check activity in the past 120 minutes, enter 120 in this field. This value would override starting and ending date and time fields.

Starting date and time

Starting date

The day or date on which the included data begins.

Allowed values include:

  • *CURRENT: The current date
  • *YESTERDAY: Yesterday's date
  • *WEEKSTR: The first day of the current week. By default, this is Sunday.
  • *PRVWEEKS: The first day of the previous week
  • *MONTHSTR: The first day of the current month
  • *PRVMONTHS: The first day of the previous month
  • *YEARSTR: The first day of the current year
  • *PRVYEARS: The first day of the previous year
  • *MON: Monday
  • *TUE: Tuesday
  • *WED: Wednesday
  • *THU: Thursday
  • *FRI: Friday
  • *SAT: Saturday
  • *SUN: Sunday

Starting time

The time on the Starting date at which the included data begins, in HHMMSS format.

Ending date

The day or date on which the included data ends.

Allowed values are the same as for Starting date.

Ending time

The time on the Starting date at which the included data ends, in HHMMSS format.

User* or '%GROUP'

The name of a user, or the generic* name or %GROUP name of a group of users, whose data the query examines.

Run action after end of run

If the Query Type of the query is $8, the name of an action for the Action product to run after the query. For no action, enter *NO.

System to run for

Queries can run on information for this system or for others. Possible values include:

  • *CURRENT: The current system.
  • *ALL: All systems.
  • Name: The name of a different system.
  • *group: A named group of systems.

Number of records to process

The maximum number of records to process. To include all records, enter *NOMAX.

Recalculate per current rules

In running a query, you can either use the results of the Firewall rules that were in effect when the data was recorded, or see how the data would have been handled under current rules (as shown in Running Firewall in FYI Simulation mode). Possible values for this field include:

  • *NO: Use the results from the rules that were in effect at the time of the events.
  • *YES: Show how the events would have been handed under the current rules.
  • *DIFFONLY: Show only the results that would be different if the current rules were in effect rather than those that were at the time.

Output

The destinations for output. Possible values include:

  • *: The default output. If running interactively, this is the current screen.
  • *PDF: Print report to PDF outfile.
  • *HTML: Print report to HTML outfile.
  • *CSV: Print report to CSV outfile.
  • *OUTFILE: Print report as text to an outfile.
  • *PRINT: Print to default printer.
  • *PRINT[1-9]: Print to another destination, as defined via the Printer Files Setup screen (STRFW > 89 > 58).

If you choose a destination that goes to an outfile, additional fields appear for further information.