IBM i Global

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

How about using this freeware tool named SECTCP at http://easy400.net/sectcp/html/start.htm ? 

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Some of those answers are at https://www.ibm.com/docs/en/i/7.5?topic=is-communication-services

I had to check WRKCFGL on one of my lpars.  I was surprised to see I still had entries.  I thought I had cleared off all that sna stuff.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Some of those answers are at https://www.ibm.com/docs/en/i/7.5?topic=is-communication-services

I had to check WRKCFGL on one of my lpars.  I was surprised to see I still had entries.  I thought I had cleared off all that sna stuff.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi.

Unfortunately, I have access to AS400 v7.4 and in this version there is no the view https://www.ibm.com/docs/en/ssw_ibm_i_75/rzajq/rzajqviewtelnetattr.htm  

that only contains the telnet attributes, therefore none of those views that are listed on https://www.ibm.com/docs/en/i/7.4?topic=is-communication-services

can help me. There is no a view for FTP attribute ALWSSL and the Secure Loc For Remote locations.

Any other suggestions I would really appreciate

Some of those answers are at https://www.ibm.com/docs/en/i/7.5?topic=is-communication-services

I had to check WRKCFGL on one of my lpars.  I was surprised to see I still had entries.  I thought I had cleared off all that sna stuff.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I really need a kind of SQL query or CL command to extract the value of "Allowing SSL" from the configuration files QATMFTP and QATMTELN. Is there any straigthforward strategy to achieve that goal? Thank you in advance for your help. 

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I really need a kind of SQL query or CL command to extract the value of "Allowing SSL" from the configuration files QATMFTP and QATMTELN. Is there any straigthforward strategy to achieve that goal? Thank you in advance for your help. 

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

From what I can see, if you go with the SQL approach via these tables...you will have to use the RRN function.. For instance,  for telnet, the RRN is 7 (i mistaken when I noted '9'). This is based on me testing/verifying the value changed for that parm

select * from qusrsys.QATMTELN
where rrn(qusrsys.QATMTELN) = 7;

for the FTP file -  QATMFTP - 

select * from qusrsys. QATMFTP
where rrn(qusrsys. QATMFTP) = 11

I imagine this is the same for other versions of the O/S - but my testing was done only at a 7.4 machine

I really need a kind of SQL query or CL command to extract the value of "Allowing SSL" from the configuration files QATMFTP and QATMTELN. Is there any straigthforward strategy to achieve that goal? Thank you in advance for your help. 

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

From what I can see, if you go with the SQL approach via these tables...you will have to use the RRN function.. For instance,  for telnet, the RRN is 7 (i mistaken when I noted '9'). This is based on me testing/verifying the value changed for that parm

select * from qusrsys.QATMTELN
where rrn(qusrsys.QATMTELN) = 7;

for the FTP file -  QATMFTP - 

select * from qusrsys. QATMFTP
where rrn(qusrsys. QATMFTP) = 11

I imagine this is the same for other versions of the O/S - but my testing was done only at a 7.4 machine

I really need a kind of SQL query or CL command to extract the value of "Allowing SSL" from the configuration files QATMFTP and QATMTELN. Is there any straigthforward strategy to achieve that goal? Thank you in advance for your help. 

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Rich,

I don't think it's 9.  it's 7 for telnet. Try changing that value quickly, run you sql and change it back.

ok - this is a little convoluted but......this MAY work for you

File QATMFTP in QUSRSYS contains the FTP configuration. Looks like line 11 is the value for Allowing SSL

File QATMTELN in QURSYS contains the telnet configuration. Looks like Line 9 is the value for SSL . 

I don't have an answer for the DSPCFGL   - hope the above helps some

Hi Rich

I need to get those actual values by command line some way because I would need them to process automation tasks, that's why with graphical interface is not useful for me.

Any other suggestions I would really appreciate.

Can you get to Navigator for i

some of the info you want is there under TCP/IP Servers

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi Marc !!!

Thank you so much for your suggestions !! However, I was trying to run it and there is a sintaxis error or something because I got "Creation_timestamp" doesn't exist, I was trying this query too but I have the same error with "ENDING_TIMESTAMP":

 SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(
            USER_NAME => '*CURRENT',
            STATUS => '*READY *HELD'
          ))
          ORDER BY ENDING_TIMESTAMP DESC
          FETCH FIRST 1 ROW ONLY
Thank you in advance for any ideas to solve the issue

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

According to https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-info-table-function:

ENDING_TIMESTAMP is not a column which is provided by the table function, therefore you cannot use it in the ORDER BY clause.

However, it should work with CREATION_TIMESTAMP, as this one is provided by the table function. So you may double check your syntax. To verify the column name, just try (with iACS), something like "SELECT * TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT'));". This statement will show you all the available column names.

Hi Marc !!!

Thank you so much for your suggestions !! However, I was trying to run it and there is a sintaxis error or something because I got "Creation_timestamp" doesn't exist, I was trying this query too but I have the same error with "ENDING_TIMESTAMP":

 SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(
            USER_NAME => '*CURRENT',
            STATUS => '*READY *HELD'
          ))
          ORDER BY ENDING_TIMESTAMP DESC
          FETCH FIRST 1 ROW ONLY
Thank you in advance for any ideas to solve the issue

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi Marc.

Apparently the solution that you are indicating to me is similar to this one: https://www.rpgpgm.com/2019/05/using-sql-to-retrieve-data-from-spooled.html

Is that correct? Honestly, I do not know how to figure out the position and lenght for characters because I do not have direct access to the AS400 system, I just must automate the verification with ansible, that´s why I need something like a query similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting . If there is a less complex strategy would be more useful to me, otherwise I have to continue researching based on the idea that you are giving to me.

According to https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-info-table-function:

ENDING_TIMESTAMP is not a column which is provided by the table function, therefore you cannot use it in the ORDER BY clause.

However, it should work with CREATION_TIMESTAMP, as this one is provided by the table function. So you may double check your syntax. To verify the column name, just try (with iACS), something like "SELECT * TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT'));". This statement will show you all the available column names.

Hi Marc !!!

Thank you so much for your suggestions !! However, I was trying to run it and there is a sintaxis error or something because I got "Creation_timestamp" doesn't exist, I was trying this query too but I have the same error with "ENDING_TIMESTAMP":

 SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(
            USER_NAME => '*CURRENT',
            STATUS => '*READY *HELD'
          ))
          ORDER BY ENDING_TIMESTAMP DESC
          FETCH FIRST 1 ROW ONLY
Thank you in advance for any ideas to solve the issue

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hello

Yes, you are right, this is a similar solution.

However, do you really need an output properly formatted like a database report? Unfortunately I don't have an access to a system with configured configuration lists, therefore I cannot retrieve the output format of DSPCFGL command.

I can simulate it with DSPLIBL command output. This shows like the attached file. Is a similar simple output could fit your needs?

It would be nice if you can get an example of the output from DSPCFGL command to check if without any change it could fit your needs.

If it does not, we do need an example of the output from DSPCFGL command. There are ways to create an SQL script without hard coding positions and length.

Example with DSPLIBL to provide only the Library column:

create variable qgpl.LibraryPosition integer;
set qgpl.LibraryPosition = (select min(locate_in_string(spooled_data, 'Library')) from table(systools.spooled_file_data(job_name=>'103859/DIMARCO/MARCOA1', SPOOLED_FILE_NAME =>'QPRTLIBL')) where locate_in_string(spooled_data, 'Library') <> 0);
select substr(spooled_data, qgpl.LibraryPosition, 10) as Library from table(systools.spooled_file_data(job_name=>'103859/DIMARCO/MARCOA1', SPOOLED_FILE_NAME =>'QPRTLIBL')) where
    spooled_data not like '%Library%' and 
    spooled_data not like '%ASP%' and 
    spooled_data not like '%E N D%' and 
    rtrim(ltrim(spooled_data)) not like (select rtrim(ltrim(system_value)) from QSYS2.SYSTEM_VALUE_INFO where system_value_name = 'QPRTTXT');
drop variable qgpl.LibraryPosition;

Similar piece of code can be used for more colums. However, this method requires the language of the spooled file to be in English. We can set the job in English if needed, but the language must exist on the system. If running within an Ansible session, we can imagine sending some variables to the script to set the Text values to test.

Hi Marc.

Apparently the solution that you are indicating to me is similar to this one: https://www.rpgpgm.com/2019/05/using-sql-to-retrieve-data-from-spooled.html

Is that correct? Honestly, I do not know how to figure out the position and lenght for characters because I do not have direct access to the AS400 system, I just must automate the verification with ansible, that´s why I need something like a query similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting . If there is a less complex strategy would be more useful to me, otherwise I have to continue researching based on the idea that you are giving to me.

According to https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-info-table-function:

ENDING_TIMESTAMP is not a column which is provided by the table function, therefore you cannot use it in the ORDER BY clause.

However, it should work with CREATION_TIMESTAMP, as this one is provided by the table function. So you may double check your syntax. To verify the column name, just try (with iACS), something like "SELECT * TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT'));". This statement will show you all the available column names.

Hi Marc !!!

Thank you so much for your suggestions !! However, I was trying to run it and there is a sintaxis error or something because I got "Creation_timestamp" doesn't exist, I was trying this query too but I have the same error with "ENDING_TIMESTAMP":

 SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(
            USER_NAME => '*CURRENT',
            STATUS => '*READY *HELD'
          ))
          ORDER BY ENDING_TIMESTAMP DESC
          FETCH FIRST 1 ROW ONLY
Thank you in advance for any ideas to solve the issue

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

Hi Marc

The output is similar to this one: https://www.ibm.com/support/pages/creating-remote-configuration-list-or-adding-entry-existing-list-wrkcfgl-qappnrmt but in spanish: 

    Visualizar lista configuración                    Página     1
DEMO1 DEMO1  455878                 SXXXXV  24/01/25  18:00:12 UTC-05:00S
 Lista de configuración . . . . . . :   CFGD        QAPPNRMT
 Tipo de lista de configuración . . :   CFGTYPE     *APPNRMT
 Texto  . . . . . . . . . . . . . . :   TEXT
 ------------------Ubicaciones remotas APPN------------------
           ID de               Punto de  ID red
 Ubic      red       Ubic      control   punto de  Ubic
 Remota    remota    Local     remoto    control   segura
 *ANY      FGHYUUI   STRETYY   VTAM01    UYTEFEFG  *NO
 AS78QN    SXXXXX7   AS27045   APPN      APPN      *NO
 DV023     TREWWWD   S7654707  VTAM02    UYTEFEFG  *NO
 -------------------Ubicaciones remotas APPN-------------------
           ID de                                 Punto
 Ubic      red       Ubic      Sesión    Núm    control  Sesión
 Remota    remota    Local     única   convers   local   preest
 *ANY      FGHYUUI  STRETYY   *NO         10     *NO      *NO
 AS78QN    SXXXXX7  AS27045   *NO         10     *NO      *NO
 DV023     TREWWWD  S7654707  *NO         10     *NO      *NO
 
 -------------Ubicaciones remotas APPN-------------
           ID de
 Ubic      red       Ubic
 Remota    remota    Local     Texto
 *ANY      FGHYUUI   S7654707
 AS78QN    SXXXXX7   S7654707
 DV023     TREWWWD   S7654707
             * * * * *   F I N    D E    L I S T A D O   * * * * *

Hello

Yes, you are right, this is a similar solution.

However, do you really need an output properly formatted like a database report? Unfortunately I don't have an access to a system with configured configuration lists, therefore I cannot retrieve the output format of DSPCFGL command.

I can simulate it with DSPLIBL command output. This shows like the attached file. Is a similar simple output could fit your needs?

It would be nice if you can get an example of the output from DSPCFGL command to check if without any change it could fit your needs.

If it does not, we do need an example of the output from DSPCFGL command. There are ways to create an SQL script without hard coding positions and length.

Example with DSPLIBL to provide only the Library column:

create variable qgpl.LibraryPosition integer;
set qgpl.LibraryPosition = (select min(locate_in_string(spooled_data, 'Library')) from table(systools.spooled_file_data(job_name=>'103859/DIMARCO/MARCOA1', SPOOLED_FILE_NAME =>'QPRTLIBL')) where locate_in_string(spooled_data, 'Library') <> 0);
select substr(spooled_data, qgpl.LibraryPosition, 10) as Library from table(systools.spooled_file_data(job_name=>'103859/DIMARCO/MARCOA1', SPOOLED_FILE_NAME =>'QPRTLIBL')) where
    spooled_data not like '%Library%' and 
    spooled_data not like '%ASP%' and 
    spooled_data not like '%E N D%' and 
    rtrim(ltrim(spooled_data)) not like (select rtrim(ltrim(system_value)) from QSYS2.SYSTEM_VALUE_INFO where system_value_name = 'QPRTTXT');
drop variable qgpl.LibraryPosition;

Similar piece of code can be used for more colums. However, this method requires the language of the spooled file to be in English. We can set the job in English if needed, but the language must exist on the system. If running within an Ansible session, we can imagine sending some variables to the script to set the Text values to test.

Hi Marc.

Apparently the solution that you are indicating to me is similar to this one: https://www.rpgpgm.com/2019/05/using-sql-to-retrieve-data-from-spooled.html

Is that correct? Honestly, I do not know how to figure out the position and lenght for characters because I do not have direct access to the AS400 system, I just must automate the verification with ansible, that´s why I need something like a query similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting . If there is a less complex strategy would be more useful to me, otherwise I have to continue researching based on the idea that you are giving to me.

According to https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-info-table-function:

ENDING_TIMESTAMP is not a column which is provided by the table function, therefore you cannot use it in the ORDER BY clause.

However, it should work with CREATION_TIMESTAMP, as this one is provided by the table function. So you may double check your syntax. To verify the column name, just try (with iACS), something like "SELECT * TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT'));". This statement will show you all the available column names.

Hi Marc !!!

Thank you so much for your suggestions !! However, I was trying to run it and there is a sintaxis error or something because I got "Creation_timestamp" doesn't exist, I was trying this query too but I have the same error with "ENDING_TIMESTAMP":

 SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(
            USER_NAME => '*CURRENT',
            STATUS => '*READY *HELD'
          ))
          ORDER BY ENDING_TIMESTAMP DESC
          FETCH FIRST 1 ROW ONLY
Thank you in advance for any ideas to solve the issue

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>(
    SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) WHERE SPOOLED_FILE_NAME = 'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT' ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY), SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT')
                                                           );

Adding a selection to spooled file name might be better to ensure you are retrieving the correct job.

Try this (as an SQL only script);

CALL QSYS2.QCMDEXC('DSPCFGL CFGL(QAPPNRMT) OUTPUT(*PRINT)');

SELECT * FROM TABLE(SYSTOOLS.SPOOLED_FILE_DATA(JOB_NAME=>
(SELECT QUALIFIED_JOB_NAME FROM TABLE(QSYS2.SPOOLED_FILE_INFO(USER_NAME => '*CURRENT')) 
ORDER BY CREATION_TIMESTAMP DESC FETCH FIRST 1 ROWS ONLY),
SPOOLED_FILE_NAME =>'thenameofspooledefileproducedbyDSPCFGLsuchasQSYSPRT'));

The use of the embedded select over QSYS2.SPOOLED_FILE_INFO is required in case you run the script from iACS, as the spooled files are not owned by the current job but by a QPRTJOB named job with an unknown job number.

Order by and fetch first are here to display only the very last spool file.

But again, you may ask knowing people to review APPC/APPN setup and clean it if no longer used. Within a security/audit context, this is an healthy behavior just like not starting not needed IP services.

Hi Marc

I am just trying to automate some tasks that I have to but I actually do not know if technicians are still using APPC/APPN connections. But they appear with the command DSPCFGL as you say. I understand what you say about spooled-file-data-table-function, however I was trying to find a query tha allow me to get the data more quickly and straightforward, like this example  https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Regarding #1, do you really still use APPC/APPN based connections (if yes for sure based on a HPR/IP aka Enterprise Extender setup)?

If yes, you can output the DSPCFGL command to a spool file, then display this spool file through SQL with https://www.ibm.com/docs/en/i/7.4?topic=services-spooled-file-data-table-function.

If no, you can simply delete all configuration lists. And use https://www.ibm.com/docs/en/i/7.4?topic=services-object-statistics-table-function with a selection on *CFGL object type to output an empty list showing that there is no more any configurgation list.

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help

I must get the actual value of some network security parameters, therefore I need to know:

 1. How to view "Secure Loc" of remote locations without prompting on "DSPCFGL CFGL(QAPPNRMT)"

2. How to view "ALWSSL" without prompting on "CHGTELNA" and pressing F4

3. How to view "ALWSSL" without prompting on "CHGFTPA" and pressing F4

I really need an answer similar to this one: https://www.ibm.com/support/pages/verifying-ddm-tcpip-attribute-lowest-authentication-method-password-required-current-setting

Thank you in advance for your help