Cisco ACL Complaince Check

allenspoon

We are trying to build a compliance rule to check for a "log" statement at the end of each permit statement of an access-list. The entries in the ACL are different for each device but all entries must have the "log" at the end.

For Example, this device should flag because one line is missing the "log" statement:

access-list 25 permit 192.168.207.48 log

access-list 25 permit 192.168.207.49 log

access-list 25 permit 192.168.207.47 log

access-list 25 permit 192.168.205.205 log

access-list 25 permit 192.168.205.206 log

access-list 25 permit 192.168.2.1

access-list 25 permit 192.168.206.170 log

access-list 25 permit 192.168.248.96 0.0.0.31 log

While this other device, using the same ACL 25 with different entries, shouldn't flag:

access-list 25 permit 192.168.205.205 log

access-list 25 permit 192.168.205.206 log

access-list 25 permit 192.168.182.169 log

access-list 25 permit 192.168.95.20 log

access-list 25 permit 192.168.248.96 0.0.0.31 log

Here's what I have now. I think i'm close but can't quite get there:

jkrenzien

I think you are very close.The following might help

Search only for a config block (regex)

Start:

     ^access-list 25 permit.*

End:

     (\n|\r)

Then in the string section put 'log'

This should find all access-list 25 permit statements that don't have the word log in the line after the word permit. You may also be able to remediate each line (run script on each config block in violation), but that would depend on the structure of the ACL and if order would have any affect on it.