Cirrus Policy Reporter – Help

Question

We use the Cirrus Policy Reporter extensively for doing Cisco configuration compliance reporting – and it’s been working well for us.
I now want to extend compliance reporting into our QOS polices – but I’ve run into an issue that has me stumped.
Hopefully there is a genius around who can help!  
The easiest way to explain my problem is with an example…  
I want to be able to verify the service policy applied to a number of interfaces, so I added some detail to the interface description that would enable me to check that the correct service-policy was applied (so far so good) – example config below....  
interface GigabitEthernet0/1.7
 description WANLink-if.subintf_wan(native)
encapsulation dot1Q 7
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no ip redirects
 no ip proxy-arp
 service-policy output Shape-native-1  
Some devices also may have multiple VRF’s on them with interfaces like the following…  
 interface GigabitEthernet0/1.107
 description WANLink-if.subintf_wan(prod-user)
 encapsulation dot1Q 107
 ip address xxx.xxx.xxx.xxx 255.255.255.252
 no ip redirects
 no ip proxy-arp
 service-policy output Shape-prod-user-1  
and others will have crypto…  
interface GigabitEthernet0/2.10
 description Dist-if.Crypto(native)
encapsulation dot1Q 10
 ip address xxx.xxx.xxx.xxx 255.255.255.248
 no ip redirects
 no ip proxy-arp
 service-policy input Police-To-VAM2+  
The problem is, I need a way to write a regex expression that looks for the description and determines if the correct service-policy is applied (which I can do), but an expression that doesn’t create a policy violation if the description isn’t found (e.g. if the particular vrf isn’t configured on the router).  
Can anyone point me in the right direction??  
 Dave.

chris.lapoint · Answer

We are definitely looking into making more config details (e.g. interface/port) available in the node selection criteria.  I can't commit to this being in the next release given the resources we're putting into Orion integration and Cirrus website, but we'll definitely consider it.

Wrt/ to multi-line RegEx, a customer I talked to yesterday pointed me to this free tool:

http://www.docuverse.com/blog/donpark/2006/08/10/regulazy-visual-regular-expression-builder

savell · Answer

Kind of worked out how to deal with this situation.
Basically I created an SQL Server DTS script to populate the Cirrus comments field with the appropriate interface function types for each device (from the detail already captured in the Cirrus Interfaces table).  
This runs nightly to update any changes, and then each policy report selects the appropriate nodes from a specified criteria statement on the Comments field.  
A little long winded, but it works well.  
Of course the ultimate solution would be for Cirrus to include multiple regex string support from policy reporting (with if/then/else support).  
Dave.

savell · Answer

One way I thought of dealing with this situation (apart from some clever regex), is having the interface/port configuration details available to select as part of the node selection criteria.
The only details currently available however are the node details.
Is there any intent to expose further properties within the node selection?  
Dave.