Hoping someone can help me with a multiple line regex to omit detecting the following as a change in NCM...
Thank-you for the reply, but unfortunately these are still getting thru.
Would you be able to post your fortinet device template ?...and method of communication (SSH/SSH/TFTP).
Also what version of NCM are you currently running ?
Could the blank line be causing my issues ? (blank line is located just below the dek-info line)
Thanks in advance.
Dave
Were you ever able to figure out a RegEx Key pattern to use to ignore the -----END RSA PRIVATE KEY----- issue you were having. I have the same issue and the patter mentioned above doesn't work me as well.
'Shot of mine' changes all the time so I keep getting a "change" notification and new backup file. Any help would be appreciated. :)
DEK-Info: DES-EDE3-CBC,72AC492485367CE6
1aRG85+As8ZoRWwYdIDQ4zLGa1BizR7t+55XomWWPaZ35ZXpLhaihTOlrZXUuiDP
qQUWw2nuNGD+rFrT7jlVIULr8wNXPL1jDAFEHLOBH3dBhj8mkSGbg/SevZfcrAjl
XlO+hPZ8OIHVnUXSxsL6Mn5otZPTGVVzC/pWgdvHUo4pcCclxBKCgehQxIwkvFWb
FDdP2kFU/5BYO2acX2dasykd4VpTaKdGy3wWOi8e8OADIjMVd80x2VQczcCCdUms
exP/759rbCmedhW9QC8CYA96nMXjWhnKxnhpEMatSpx42MB2tT3pA7LYnO+Ra7Fu
DG4JsiTN5VlyoimUYr/HGm7o2S0tauhgIVlT7er3cEANzZqUB5r/go9L9Tt3i3SB
IKv4vEhxQCSAEqmJ4m/cvXrAhspZNnR00v0tFd30HyWEUN7/S6Ph1dmjxgepUz1Y
m9rTx8lHCRN+jCgvknvJ77H0U8EInDbdYl1TG9lOrPdVv5VIx8O8fE76+D9t8ZBo
YwRIjGbj5OZ97Ndip9FLFZqXiLmDIdvsHKYJAy6SplSEVh/ZdnFF7DoDCMHHFt2d
/K7uV9p+bMJPGHjKH34LYEemkpCAuWlF3niVqQqzejnyIh5L+7Sk6kK0AskRM6Sc
askr/DQoidFYn4RkNtCUOTbFBplqddOlHmdxFM7f8UCG6CyxPFMQUNyi3m0StVHM
xUDNNeFX4dctl3/H0Otxh5B3qrz+nwa/hLQM3oAsN4Tivt4jojq/nYmSWxzzkMgm
3RGfqaBBU9LJzd8jNquWfDAYAKQI8wwgSCmfQw6eu8NZUuETZCAlOYgyupXUZKPw
al8QSjaHSxpmDPbWtecFBtSuDHj97H+pinaYNjdXPSYBbgz2rU0HYebuMTz6UkZX
UKxrzb8+0rfaWU/OPV150AJv46myDJJvZWVyv+XrUIIHH+3G2StiaFE8viWWCAdR
SXJyoWf1qMfyiJw3jEyfRaxt5T/+yV/vn/DjfhajVT3+U0OQlQEa5lWbBKQr8N4K
sIUos3tkdtSu/V4SOZdBwKGKnTrUSgj/nUtdjPyP0RKpot23zc1jj3y2xOrWoV/k
En2cjwZkmAfzQb3YQ2F8kgkdQUFeXgvvh+wRAk/ifc9vAN2gLVw8R5qqNs3FsMsf
fZzbNVXIb9UocvibhDE/x4Zhwr/ZUJZLFtQpTT6+tcW817Sxiwma+6K9yAxmLYwS
lVZlGFgpH2T/4sL1Sq38zC3iXRMgt/45ieQdo25T+p20nBnwh7fiIdKwjPgw4HsN
ZhKYVJIQVmRuMyy0I1QtfBT420etVmhN/iuKqMpNkpdodU5ydFEDgJok4TiSBxdw
K9enu3cs1O8gTRd46ZXva8wAjALVogwqC5S5DzJphEl8XN+EhTlULsx59uWpKZQ8
awpQGN5Kd3LfmxIjubFbc8XMZpleZGoHmdFS/HXNV0BotA0z2LUqCt4zIO4H5hvY
9R/2OcGW+lglCx6dTJXs7rrQjudOX5OnMZ5UY/rmxczY5Nqh24wUEUYYzg6qcnSX
R2ATpYdRJa+XYDlHNIL3Zg0SIA35raHw1Mxmp5O2RcHP9axRX1ZCmA==
-----END RSA PRIVATE KEY-----"
I am confused how any of the above are working without breaking real time detection. The Diff util uses BRE only and it's line by line, there's no multiline matching ever.
Have you guys actually validated you didn't break real time change detection entirely? I just want to ensure people don't see this thread and break stuff in their production environment considering this a closed answer.
Also, you would *most* likely need to use "\S" 64 times in a row since it's BRE and there are 64 non-white space characters per line, if there's no leading space ^\S first then 63 \S
I can't personally say that it's working. My network team said that is what they used and that it's working as expected. I will ask them to do a double check on it today and will let you know if they indicate that they have found any problems.
byrona No problem, see my edited comments. Honestly, I wouldn't want to try to account for this and I did give my best answer above to the problem. Lastly, the last line is 56 characters, you would need to check multiple keys and ensure it's 64 and 56 only.
Of final note, *IF* you happen to have a 56 or 64 non white space character line outside of this key, it will give a false match and ignore it.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.