I'd like to use policy reports and regular expression (regex) rules to evaluate our baseline configurations on our devices. One area that I'm having trouble with is creating regular expressions for multiple config line items that will allow me to search for anything not identified. Let's say I want to check to ensure that only the lines below are listed in the config. If each of these is listed as a rule, and I check the box to violate the rule if the pattern is not found, then I will have a lot more rules (more pages) and I wouldn't know if anything else is entered. I would only know if these specific IPs or ranges are in the config unless I looked at the config. This means I might not find a misconfiguration by creating a snippet to only correct individual lines. In many cases, I can't just go through and perform a no access-list 5 and re-run the lines below because I may remove a local subnet that must be included and set up based on the location of the device in the network.
access-list 5 permit host 172.16.0.5
access-list 5 permit host 172.16.0.6
access-list 5 permit host 172.16.14.1
access-list 5 permit 172.16.25.0 0.0.0.31
Is there some way I can write a one-line regex for this so I can have 1 rule for VTY access instead of multiple lines? That way, I'd know immediately if something else is entered for access-list 5. Does anyone know if this is possible or how to do this? Is there an easier way to attack this problem?
I purchased RegexBuddy to help me validate my regular expressions and it has many different regular expression languages (i.e. Java, Perl, Python, etc.). Does anyone know what language Cirrus uses for its regular expression syntax?
I see the power of this tool to help us identify misconfigurations, but the "programming" aspect of the regex code is limiting our ability to fully use this tool. I would be interested in learning how others use this tool to ensure baseline configs are properly applied and whether or not you have programmers on staff to help with this or if you have teams assigned to keep this product working smoothly? Right now I'm doing this full time but I'm still having a hard time keeping up and unfortunately I'm the only one doing it. Well, sorry for the lengthy post but I'm looking forward to your feedback.
Robert
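
One way to get a single rule that fires on anything unexpected in access-list 5, as an added example that is not part of the original post: a negative-lookahead pattern built from the four approved entries, shown here in Python. It assumes the regex engine supports lookahead, which the post does not establish for the tool in question; the function names and the sample config are constructed for illustration.

```python
import re

# Approved entries for access-list 5, taken from the post.
APPROVED = [
    "permit host 172.16.0.5",
    "permit host 172.16.0.6",
    "permit host 172.16.14.1",
    "permit 172.16.25.0 0.0.0.31",
]

def build_violation_regex(acl, approved):
    """Compile one pattern matching any line of `acl` that is NOT approved."""
    alternatives = "|".join(re.escape(entry) for entry in approved)
    # Negative lookahead: after the "access-list N " prefix, the rest of the
    # line must not be exactly one approved entry. Pinning the end of line
    # keeps "172.16.0.5" from also excusing "172.16.0.55".
    pattern = rf"^access-list {acl} (?!(?:{alternatives})[ \t]*$).*$"
    return re.compile(pattern, re.MULTILINE)

def audit(config, acl=5, approved=APPROVED):
    """Return (unexpected_lines, missing_entries) for one ACL in a config."""
    config = config.replace("\r\n", "\n")  # normalise line endings first
    unexpected = [m.group(0).rstrip()
                  for m in build_violation_regex(acl, approved).finditer(config)]
    present = {line.strip() for line in config.split("\n")}
    missing = [e for e in approved if f"access-list {acl} {e}" not in present]
    return unexpected, missing

# Constructed sample config (hypothetical device, not from the post).
SAMPLE = """\
hostname lab-sw1
access-list 5 permit host 172.16.0.5
access-list 5 permit host 172.16.0.6
access-list 5 permit host 172.16.0.55
access-list 5 permit 172.16.25.0 0.0.0.31
access-list 5 permit any
access-list 50 permit host 10.0.0.1
line vty 0 4
 access-class 5 in
"""

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE)
    print("regex:", build_violation_regex(5, APPROVED).pattern)
    print("unexpected:", unexpected)
    print("missing:", missing)
```

The lookahead rule only reports extra lines; an approved entry that has been removed still needs a "pattern not found" check, which is what the `missing` list stands in for here.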