Logical operators & conditional expressions in Baseline template in CiscoWorks


Hi !


I work with CiscoWorks version 4.1.1. We are using the Baseline template feature to validate our standard configuration setup.


I would like to know if any logical operators exist in the language used in baseline templates. In the online help I found a reference to the language from SUN for regular expressions at the site:


http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html


On this site some basic logical operators are available: the " | " is used for the binary " or " operator and " ( ) " for capture groups.


If other operators exist, please let me know.




I'm trying to validate that only the usernames/passwords that should be present are in the switch configurations.


Here are the usernames that should be there:

marc

alan


I tried the " + [#![#username marc.*#]]|[#![#username alan.*#]] " and " + [#![#username alan.*#] |#![#username marc.*#]] " syntax and those failed (and some others with " ( ) " and spaces, trying to group some of them). All of them failed. I'm sure the " + [#![#username alan.*#]] " statement is working properly.


When I tried " + [#![#username alan.*#]] " with alan & marc in the configuration as valid usernames, the compliance failed like it should. My understanding is that if I'm able to provide + username ! alan or ! marc, the compliance should pass if I have only username alan and/or marc in the configuration; if something else is present the compliance has to fail.


I would also like to know if any conditional operations exist, like we can see in some programming languages, for example:


if int vlan1 ip address x.x.x.4 | x.x.x.132 # this my first switch

fa0/24 should # is connected to another telecom device

[#description.*]

Speed 100

Duplex full

no spanning-tree portfast

….

Else ….


I know some " prerequisite " option is possible; I did not explore this option at this time. Because I had to post a question for the first part of this message, I also asked about this at the same time, to make the development of our template for your switches as easy as possible.


Thanks a lot!


Joe Clarke Wed, 09/17/2008 - 10:17
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, these operators are valid.


I think you want:


+ [#username marc.*#]

+ [#username alan.*#]

- [#!username (marc|alan).*#]


This will ensure marc and alan exist, and will match any other user and mark that line as non-compliant.


The conditional feature is available in RME 4.1.1. Have a look at this whitepaper, http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2073/prod_white_paper0900aecd8068cc98.pdf . Have a look at Case 4.

Hi !


Yes, you understand me correctly...


Since I posted my question I started to explore the prerequisite feature. I think it is not doing exactly what I had thought it does, but the feature will also help me to develop my template.


I created a prerequisite with:

+ hostname [#![#DMZ.*#]#] # to exclude all devices with a hostname starting with the characters DMZ.


My test device has the hostname 2960-24P and is always excluded from my compliance test; I don't understand why. (At the start it looked like it worked properly, but the overlapping regular expression looks like it failed. If I remove the regular expression [#DMZ.#*] and set it to something non-generic like DMZ-2960-24P, everything works fine; even if I change the hostname of the device to DMZ-2960-24P, the device is excluded at this time like it's supposed to be.)


Thanks a lot for your help! It's really appreciated!

Joe Clarke Wed, 09/17/2008 - 11:03

Nesting regular expressions doesn't work. If you want to exclude all devices with a hostname starting with DMZ, then do:


+ hostname [#!DMZ.*#]


This performs a negative match. So, if the hostname does start with DMZ, [#!DMZ.*#] will not match it.

Hi !

I tried this for the username issue...


+ [#username marc.*#]

+ [#username alan.*#]

- [#!username (marc|alan).*#]



When I use the - sign for the last statement my command fails. I tried with the + sign and everything looks like it is working fine, but when I add the other usernames to the list my test fails and the device is reported as non-compliant for this line:


- [#!username (marc|alan|gilles|albert|lisa|....).*#]


Is there any maximum in the condition?


In addition, I know the baseline template checks the configuration against a file on the CiscoWorks server, but does it check against the running config or the startup configuration?


Thanks a lot!

Joe Clarke Wed, 09/17/2008 - 11:49

What do you mean it failed? It would be helpful to see your complete baseline template, the config from the device in question, and an exact indication of the failure. However, I did have a typo. You can't use a whole line regexp on the last line. You'd need to use something like:


- username [#!(marc|alan)#]


But then you'd need to fill in the other parameters. You might try this instead:


- [#username (?!marc|alan).*#]


There are no limits to the number of conditional matches.


The check is done against the latest archive configuration. This is typically the running config.
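
The account allowlist discussed in this thread, as an added example that is not part of the original posts and is not RME code: it uses Python's `re`, whose lookahead syntax behaves like `java.util.regex` for these patterns, to show that `(?!marc|alan)` also accepts names that merely begin with an allowed name, and how a boundary after the name closes that gap. The sample configuration, the `strict_pattern`, `violations` and `missing` helpers, and the whole-line matching are assumptions made for the illustration; how RME itself anchors a pattern is not modelled.

```python
import re

# Constructed sample configuration (not taken from the thread's devices).
SAMPLE_CONFIG = """\
hostname 2960-24P
username marc privilege 15 secret 5 EXAMPLEHASH1
username alan secret 5 EXAMPLEHASH2
username marcus privilege 15 secret 5 EXAMPLEHASH3
username gilles secret 5 EXAMPLEHASH4
interface FastEthernet0/24
"""

ALLOWED = ("marc", "alan")

# Pattern body from the last reply: a username line whose name does not
# START WITH an allowed name. "marcus" starts with "marc", so it is not flagged.
LOOSE = re.compile(r"username (?!marc|alan).*")


def strict_pattern(allowed):
    """Same idea, but the allowed name must be followed by whitespace or end of line."""
    names = "|".join(re.escape(n) for n in allowed)
    return re.compile(rf"username (?!(?:{names})(?:\s|$)).*")


def violations(pattern, config):
    """Return the config lines that the 'must not be present' pattern matches in full."""
    return [ln.strip() for ln in config.splitlines() if pattern.fullmatch(ln.strip())]


def missing(allowed, config):
    """Return the allowed names that have no 'username <name>' line (the '+' checks)."""
    return [
        n for n in allowed
        if not re.search(rf"^username {re.escape(n)}(?:\s|$)", config, re.MULTILINE)
    ]


if __name__ == "__main__":
    print("loose :", violations(LOOSE, SAMPLE_CONFIG))
    print("strict:", violations(strict_pattern(ALLOWED), SAMPLE_CONFIG))
    print("missing:", missing(ALLOWED, SAMPLE_CONFIG))
```
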
