Network Change & Configuration Management

Reply

Can you generate a Policy violation via a CSS or Perl Script?

Expert
Posts: 127
1200     0

Hello All -

I was wondering if it is possible to generate a policy violation using a script, rather than via the standard rules?  I know that you can create issues with scripts, but I would like a script to be tied into the policies if possible so the issues could be viewed from the Policy Compliance Screen.

Any thoughts?

Thanks,

Lon.

This is not supported in the

Adviser
Posts: 353
1201     0

This is not supported in the product today.

The updated policy engine in

Adviser
Posts: 353
1201     0

The updated policy engine in NetMRI 6.9 will let you access the issues for a device, and raise a policy violation based on issues that exist. There is one caveat to using issues this way, however.

A policy will be re-evaluated for a device if ANY of these conditions are met:

* The device has a detected change (shows up in the Changes screen) since the policy was last evaluated for the device.
* It has been more than 24 hours since the policy was last evaluated for the device.
* The policy or a rule within the policy has been changed since the policy was last evaluated for the device. This includes rules accessed indirectly via a PolicyRuleCall statement.
* A list used by a rule in the policy has been modified since the policy was last evaluated for the device.

Notice that "an issue is raised for a device" is NOT on that list. Thus, if the device config is not changing, it may take up to 24 hours for the policy rule violation to appear if you use an issue for this purpose.

An alternative is to use a list - create a list and use the script to populate the list. Then utilized the list in a ListSearch element in an XML policy rule. This is also a good way to get data from a job for use within a policy rule - effectively giving you access to arbitrary command results within policies.

 

 

I like the alternative of

Expert
Posts: 127
1201     0

I like the alternative of using the list.  Great idea.  Thanks for thinking of all these community comments when developing 6.9!

-Lon.

Showing results for 
Search instead for 
Do you mean 

Recommended for You