Negate a match

bleearg13

Dumb question - how can I negate a match in Cirrus Policy Manager? I'd like to match on a pattern and negate it so that the rule fails if it finds any further similar commands. For instance, in a config, I have two TACACS servers defined:

set tacacs server 192.168.219.6 primary
set tacacs server 192.168.230.6

I want my rule to match only these two TACACS servers - if the policy manager finds any others, it should fail. Here's the current rule I have set up:

set tacacs server 192\.168\.(219|230)\.6( primary)?

I'd like to negate the match on 192.168.(219|230).6 so that if, for instance, 192.168.240.4 shows up, the policy manager will report it. I've tried using the exclamation point, but it doesn't seem as though the regex engine that Cirrus uses accepts that as a character class.

Or, is there a better way to do this without negation?

dbatten

I do not have an answer, but I have a similar situation.

After checking for ACL compliance of a particular ACL; I want to report on any additional ACL assignments not already defined by the Policy rules.

I want to report on any added device ACL rules that are not part of the defined Cirrus ACL rules.

I do not know about a negation option within the RedEx engine; but I thought allowing the use of Boolean logic between defined rules would be beneficial.