Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE, Security Threat Response Manager User Manual

Security Threat Response Manager

AQL Event and Flow Query CLI Guide

Release 2008.2

Juniper Networks, Inc.

1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000

www.juniper.net

Part Number: 530-xxxxxx-01, Beta Draft

Copyright Notice

Copyright © 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper
Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this
document are the property of Juniper Networks or their respective owners. All specifications are subject to chang e without notice. Juniper Networks
assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves
the right to change, modify, transfer, or otherwise revise this publicati on without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and
used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following
information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it
is not installed in accordance with NetScreen’s installation instructions, i t may cause interference wi th radio and tele vision reception. This equip ment has
been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These
specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that
interference will not occur in a particular installation. If this equipmen t does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipme nt and receive r. Consult t he dealer o r an experienced ra dio/TV
technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warrant y and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET
THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

AQL Event and Flow Query CLI Guide

Release 2008.2

Copyright © 2008, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History
18 April 2008—Beta Draft

The information in this document is current as of the date listed in the revision history.

2 

CONTENTS

ABOUT THIS GUIDE

Conventions 3
Technical Documentation 3
Documentation Feedback 3
Requesting Support 4

1 USING THE AQL QUERY CLI

About the AQL Query CLI 5
Accessing the AQL Query CLI 6
Using a Select Statement 7
Using Where Clauses 10
Using the Group By Clause 10
Using the Order By Clause 11
Using the Count(*) Clause 12
Using the Distinct Clause 12
Using the Count (Distinct ...) Clause 12
Using the Materialize View Clause 13
Using the Like Clause 13
Using the Describe Statement 14

ABOUT THIS GUIDE

The AQL Event and Flow Query CLI Guide provides you with information for using
the AQL CLI. This guide assumes you have advanced knowledge of Linux
command line functionality.

Conventions Table 1 lists conventions that are used throughout this guide.

Table 1 Icons

Icon Type Description

Information note Information that describes important features or

instructions.

Caution Information that alerts you to potential loss of

data or potential damage to an application,
system, device, or network.

Warning Information that alerts you to potential personal

injury.

Technical
Documentation

Documentation
Feedback

You can access technical documentation, technical notes, and release notes
directly from the Juniper networks Support Web site at

www.juniper.net/support/.

http://

We encourage you to provide feedback, comments, and suggestions so that we
can improve the documentation. Send your comments to

techpubs-comments@juniper.net, or fill out the documentation feedback form at
http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be

sure to include the following information with your comments:

• Document name

• Document part number

• Page number

• Software release version

AQL Event and Flow Query CLI Guide

4 ABOUT THIS GUIDE

Requesting
Support

• Open a support case using the Case Management link at

http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States,

Canada, or Mexico) or 1-408-745-9500 (from elsewher e).

AQL Event and Flow Query CLI Guide