Ciscoworks LMS 3.2 - Compliance mgmt negation problem

Answered Question

Hi,


Strange problem, that I am sure is being caused by me.


Basically trying to run an advanced Compliance mgmt job, looking for a set of pre-requisites (this is working) and then removing all non compliance SNMP community strings from a sample device.


I use two lines for this removal


- snmp-server community [#!testR[OW]mon#] [#.*#] [#.*#]
- snmp-server community [#!SNMP#] [#.*#] [#.*#]


From what I see, this should remove all snmp-server communities from a device other than "testROmon", "testRWmon" and "SNMP". Obvious caveat is that they would all need to have two words after this (in this case, these are ro or rw and an ACL).


When I run this it seems to try and remove twice as many snmp community strings as there actually are on the device config? So I guess the core questions are: -


1) Does the above look sound and would it do what I think

2) Does the Compliance management engine parse the entire config independantly for each line of the above and hence explain why I am getting more removals than I would expect or is there a problem somewhere?


Any help on this appreciated as its driving me nuts

Correct Answer by Joe Clarke about 6 years 9 months ago

I think you probably want:


- [#snmp-server community (?!testR[OW]mon |SNMP ).*#]
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Joe Clarke Tue, 07/20/2010 - 13:10
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I think you probably want:


- [#snmp-server community (?!testR[OW]mon |SNMP ).*#]
Joe Clarke Tue, 07/20/2010 - 14:49
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It's a negative lookahead assertion that checks to make sure that a community string is not either of those two patterns.  It will remove lines like:


snmp-server community public RO

Joe Clarke Tue, 07/20/2010 - 16:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, the pattern would be:


- [#snmp-server host (?!10\.10\.10\..*)#]

Actions

This Discussion