Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ciscoworks LMS 3.2 - Compliance mgmt negation problem

Hi,

Strange problem, that I am sure is being caused by me.

Basically trying to run an advanced Compliance mgmt job, looking for a set of pre-requisites (this is working) and then removing all non compliance SNMP community strings from a sample device.

I use two lines for this removal

- snmp-server community [#!testR[OW]mon#] [#.*#] [#.*#]
- snmp-server community [#!SNMP#] [#.*#] [#.*#]

From what I see, this should remove all snmp-server communities from a device other than "testROmon", "testRWmon" and "SNMP". Obvious caveat is that they would all need to have two words after this (in this case, these are ro or rw and an ACL).

When I run this it seems to try and remove twice as many snmp community strings as there actually are on the device config? So I guess the core questions are: -

1) Does the above look sound and would it do what I think

2) Does the Compliance management engine parse the entire config independantly for each line of the above and hence explain why I am getting more removals than I would expect or is there a problem somewhere?

Any help on this appreciated as its driving me nuts

  • Network Management
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

I think you probably want:

- [#snmp-server community (?!testR[OW]mon |SNMP ).*#]
5 REPLIES
Cisco Employee

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

I think you probably want:

- [#snmp-server community (?!testR[OW]mon |SNMP ).*#]
New Member

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

Thanks Joseph,

Any chance of breaking the last bit down for me? What does the | and the ? do.

Cisco Employee

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

It's a negative lookahead assertion that checks to make sure that a community string is not either of those two patterns.  It will remove lines like:

snmp-server community public RO

New Member

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

Thanks Joseph,

So if I also wanted to remove all SNMP traps bar: -

snmp-server host 10.10.10.x (where x is any ip in the last octet)

From a device, would I use

- [#snmp-server host (!#10\.10\.10\..*#).#]

Or doesn't this make sense?

Cisco Employee

Re: Ciscoworks LMS 3.2 - Compliance mgmt negation problem

No, the pattern would be:

- [#snmp-server host (?!10\.10\.10\..*)#]

262
Views
5
Helpful
5
Replies
This widget could not be displayed.