Regex for Variable AAA Config Blocks - NCM Compliance?

Pythbit

Hi all,

I've been rolling my face on my keyboard over this, and I've done some googling, however I'm having trouble using NCM Compliance to pull the existing aaa and tacacs configs from a variety of Cisco devices.

What I have currently (which does not work - it results in duplicate lines or additional config):

Block Start: ^(aaa|(ip)?tacacs)

Block End: ^(aaa|(ip)?tacacs| \S)+.*(?!\n\s) - The purpose is to end if the next line is not an indent (i.e, no subconfig) but also only if the global config involves aaa/tacacs.

String Match: This has been everything from .* to ^(aaa|(ip)?tacacs| \S)+.+(?=\n\s)?

I'm preeeeetttty new to regex in general, so I really feel out of my depth. Yet I feel like matching blocks that don't end on a ! should be a pretty common problem. Unless I'm just going about this the wrong way.

Thanks all!

Example config - should match everything related to aaa/tacacs.

aaa new-model

aaa authentication login CONSOLE local

aaa authentication login VTY group tacacs+ local

aaa authentication enable default group tacacs+ enable

ip tacacs source-interface Vlan1

!

!

aaa session-id common

clock timezone PST -8 0

!

tacacs-server host 1.1.1.1

tacacs-server directed-request

tacacs-server key CISCO

--- OR - should also match the indented lines.

tacacs server SERVER

 address ipv4 1.1.1.1

 key 7 randomhashgibberish

 any other possible subconfig value

alain_p

Hope this sets you on your way, to achieve what you might be looking for.

It's basically adding statements with AND / OR block & using parenthesis.

A few lines:

aaa new-model (^\w{3}\s\w{3}\-\w{5}$)
aaa authentication login CONSOLE local (^\w{3}\s\w{14}\s\w{5}\s\w{7}\s\w{5}$)
aaa authentication login VTY group tacacs+ local (^\w{3}\s\w{14}\s\w{5}\s\w{3}\s\w{5}\s\w{6}\+\s\w{5}$)

Wkr,

alain_p