cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Daily Configuration changes showing certificate changes

On my daily configuration report I get TONS of changes because of certificates like below.

pastedImage_0.png

I have seen other threads saying to add the following in the comparison criteria.

Ignoring hex data

^[ \t\r\n\v\f]*[A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9][A-Fa-f0-9]

Ignoring Certificate

^[ \t\r\n\v\f]*certificate[ \t\r\n\v\f]*self-signed

Ignoring quit word line

^[^\w]+\bquit\b[\t\r\n\v\f]*

I also found this article Conflict: Running configs and startup configs do not match - SolarWinds Worldwide, LLC. Help and Sup...  that says to remove the ^ in front of the above commands.

I have both of these in place but it still shows up in NCM as changes. Below are the rules I have in place. Can anyone see what I am doing wrong?

pastedImage_2.png

Thanks for any help you can provide.

Labels (1)
0 Kudos
1 Reply
Level 8

Did anybody figure this out?

Since it already appears to be ignoring the hex cert contents lines ok, I thought I'd just add the following exemption:

\snvram:[A-Za-z0-9#]*\.cer$

That should ignore the nvram file reference at the end of the certificate line, right?

But, it's not working... these two lines still show up as different (note: a lot of hex lines in running and not in startup, so line numbers quite a bit different):

345 certificate ca 01

168 certificate ca 01 nvram:CiscoLicensi#1CA.cer

This one's gnawing at me because I write a lot of regex... regex testers say it's a match... what am I missing?

Thanks - Al

0 Kudos