Network Change & Configuration Management


NetMRI Policy rule for certain logging server and no others

EPeeters
Techie

I got a question from a customer/prospect about writing a rule where, on a Cisco device, logging should be configured for 10.111.112.1, 2.2.2.2 and 3.3.3.3 but not for any other logging members.

Lines like

logging snmp auth-fail
logging buffered 64000

should also be allowed.

He tried a simple rule:

must contain all lines in any order

logging 10.111.112.1

logging 2.2.2.2

logging 3.3.3.3

May not contain any of these lines

logging \d+\.\d+\.\d+\.\d+

 

This did not work because the lines with the required logging servers also match the regex for the lines that may not be present.

 

You need to exclude those IP addresses in your regex.

The following regex does the trick:

logging ((?!10\.111\.112\.1|2\.2\.2\.2|3\.3\.3\.3)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

 

The full rule would then be:

must contain all lines in any order

logging 10.111.112.1

logging 2.2.2.2

logging 3.3.3.3

May not contain any of these lines

logging ((?!10\.111\.112\.1|2\.2\.2\.2|3\.3\.3\.3)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
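
Added example, not part of the original post and not NetMRI code: a Python check of the rule above against a constructed config. It assumes the "may not contain" pattern is matched against the whole line; under that assumption the posted lookahead also exempts addresses that merely begin with an allowed one (such as 10.111.112.10), and the hypothetical `build_strict` variant closes that gap by requiring that no digit follows the allowed address.

```python
import re

ALLOWED = ["10.111.112.1", "2.2.2.2", "3.3.3.3"]
OCTETS = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"

# Regex exactly as posted in the thread.
POSTED = (r"logging ((?!10\.111\.112\.1|2\.2\.2\.2|3\.3\.3\.3)"
          r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

def build_strict(allowed):
    """Same idea, but an allowed IP only exempts the line when no further
    digit follows it, so 10.111.112.10 is not mistaken for 10.111.112.1."""
    alt = "|".join(re.escape(ip) for ip in allowed)
    return rf"logging ((?!(?:{alt})(?!\d)){OCTETS})"

def audit(config, forbidden_regex, required=ALLOWED):
    """Return (missing required servers, lines hitting the forbidden regex)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    missing = [ip for ip in required if f"logging {ip}" not in lines]
    pattern = re.compile(forbidden_regex)
    # Assumption: the policy engine matches the pattern against the full line.
    forbidden = [l for l in lines if pattern.fullmatch(l)]
    return missing, forbidden

# Constructed sample config: three required servers, two unwanted ones.
SAMPLE = """
logging buffered 64000
logging snmp auth-fail
logging 10.111.112.1
logging 2.2.2.2
logging 3.3.3.3
logging 10.111.112.10
logging 4.4.4.4
"""

if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("strict", build_strict(ALLOWED))):
        missing, forbidden = audit(SAMPLE, rx)
        print(f"{name}: missing={missing} forbidden={forbidden}")
```
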

 

 

Re: NetMRI Policy rule for certain logging server and no others

Expert

This is one where the old CPD method is so easy:

 

Required:

logging 10.111.112.1

 

logging 2.2.2.2

 

logging 3.3.3.3

 

Invalid:

logging \d+.*

 


Re: NetMRI Policy rule for certain logging server and no others

Moderator Dave_Signori

Try this:

 

Config File Must Contain ALL of These Lines in Any Order

logging 10.111.112.1

logging 2.2.2.2

logging 3.3.3.3

 

Config File May Not Contain: Any of These Lines

logging ?!(10.111.112.1|2.2.2.2|3.3.3.3)

@DaveSignori