
Help with regular expressions and config change reports

I could use some help with creating a regular expression that the config change report ignores during its comparison.  Basically, I have Cirrus comparing the most recent config downloaded with the latest baseline.  The problem is that the running configuration of my Cisco devices has the crypto key listed in the config, and in the startup, the crypto key doesn't exist.  I would like to exclude this section from even being compared, but my regular expression knowledge is severely lacking.  I'm guessing there is a way for me to exclude the following:


crypto ca certificate chain TP-self-signed-1667691779
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31363637 36393137 3739301E 170D3036 30383036 31303234
  35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36363736
  39313737 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B4CA F3563FC5 43010A48 B075619E A7DE4790 AF982EF5 5402B501 207DB313
  67C78E80 CCD4CBA7 D2214222 055D8CBF A676A6A3 64C0B6C2 2247D76C C4C60202
  EFCA453E 5848D707 16D2940D C7384BBE 6BA52028 5F1CD47F C66CFD7B EF51188D
  8AF9B9E9 D4DFB645 1D36E2B0 1D2B6BDE CF00F2FB 149AA487 7CF2FD66 74A4D032
  CDFB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14797F79 CD395C9D 9BBBF477 BE2CB863 2BD9D2B3 DA301D06
  03551D0E 04160414 797F79CD 395C9D9B BBF477BE 2CB8632B D9D2B3DA 300D0609
  2A864886 F70D0101 04050003 8181007B 9EB45922 73A18372 A31736D2 DA9089FD
  760DE6D1 0B50007E 05BA8328 D8A48A76 5B68D3EE 69BA29BD 89D63CE8 6BEF5ECE
  05DC7804 FAE7DA90 716CB0C5 40BBCB21 8BFDE99D AF3E4D35 796BFA05 FF5F3000
  78368944 B9BA15C8 F017126D 7AF337D0 88F38689 57F73A18 7509491A F3060E3A
  D0F1BCE8 4C110ECF 9A016242 7758E3
  quit


Is there a way to exclude everything to "quit" and what would it look like?  Any help would be appreciated.


  • Actually I'm having the same issue.  I've tried several things that I thought SHOULD work but none have been successful.

  • Has anyone come up with an answer to this?  I have a few dozen 3750 stacks for which I get an e-mail every morning saying something has changed when it hasn't.  I need to find a way to ignore this when the comparison is run.


  • FormerMember

    Make sure you baseline the startup config and then have the change report do the comparison on the baseline config. 

    I'm convinced the regular expressions don't work for config compares.  I can't even get it to ignore the certificate self-signed line.
     
     
     
  • I'm convinced the regular expressions don't work for config compares.  I can't even get it to ignore the certificate self-signed line.


    Just to clarify, in Config Comparison Criteria, multi-line regular expressions are not currently possible.  However, single line ignores should work just fine.

    The ever-changing certificate self-signed line in your Cisco configs is something we're working on explicitly addressing as part of 5.1.

  • FormerMember in reply to chris.lapoint

    Hang on, got it to ignore it. Forgot that there are special rules with config compares.  Something about an ignored line above or below a non-ignored line results in both lines being printed.

    I created three rules:

    certificate

    quit

    \d*

    Now the change is not reported.  Guess I eat crow! lol.

     

    Uh Oh, scratch that, \d* ignores every line.  Back to drawing board

  • I have an open ticket regarding this problem (#63311).  I fired off an email to support on 10/21 regarding a possible workaround that I found in one of the Cisco TAC newsletters, but haven't heard anything back yet.  Here's what I found:

    New Reader Tip: Show the Complete Config without Breaks or Pauses

    1. Type "term len 0" in privileged mode to set your terminal to display without any breaks.
    2. Type "show run" or "show start" to show the applicable config. The config will display without any breaks or pauses.

    To display the config without lengthy certificate data, use "show run brief".

    This is useful for capturing the complete config for documentation purposes, especially if you do not have access via TFTP or the like.

    - Ryan Sweet, Aubeta Networks, Seattle, WA, USA

     

    This only works on my 3550 and 3750 switches and not for the 2900/2950/3500XL series.  Any idea how we could put this to work in OrionNCM before a possible fix for v5.1?

    --greg

  • If you want to use "show run brief" instead of "show running" for your config file, you can edit the appropriate Cisco device template (<install dir>\Configuration Management\DeviceTypes).  

    Change this line:

        <Command Name="Running" Value="running"/>

    To:

         <Command Name="Running" Value="running-brief"/>

     

    NOTE:  Based on my research, the "show running-brief" command is only available for IOS 12.3(7)T release or later.

  • Does Cirrus V4 not support true regex? I've tried creating all of the following strings, but it does not ignore the cert (And even more basic variations of the regex, such as [A-F0-9]+ don't seem to match):

    certificate self-signed
    [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8}
    [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{8} [A-F0-9]{4}
    quit

  • As noted in my earlier post above:

    Just to clarify, in Config Comparison Criteria, multi-line regular expressions are not currently possible.  However, single line ignores should work just fine.

    The ever-changing certificate self-signed line in your Cisco configs is something we're working on explicitly addressing as part of 5.1.
  • The four lines above were created as separate regex filters in the config change report; I would think that each line would be treated and processed individually. On Cirrus 4.01, it appears that the regular expressions may be broken (Unless you can spot a problem).
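
The single-line ignore rules discussed in this thread, modelled as an added example (not code from any poster or from the product). It assumes an ignore rule drops a line when the pattern finds a match anywhere in it, uses Python's `re` rather than the product's regex engine, and all names and sample configs are constructed for illustration. It shows why `\d*` ignores every line, what anchored per-line rules leave behind, and a block-aware strip as an alternative where multi-line patterns are unavailable.

```python
import re

# Constructed configs (hex is filler, not a real certificate).
BASELINE = """hostname sw1
crypto ca certificate chain TP-self-signed-0000000000
 certificate self-signed 01
  0A0A0A0A 0B0B0B0B 0C0C0C0C 0D0D0D0D
  0E0E0E0E 0F0F
  quit
vlan 10"""
# Same device later: certificate payload differs, nothing else changed.
RUNNING = BASELINE.replace("0A0A0A0A", "1A1A1A1A").replace("0F0F", "1F1F1F")

def surviving(patterns, config):
    """Per-line ignore, assumed semantics: drop a line if any pattern finds a match in it."""
    return [l for l in config.splitlines()
            if not any(re.search(p, l) for p in patterns)]

# Rules from the thread: \d* can match the empty string, so it "matches" every line.
LOOSE = ["certificate", "quit", r"\d*"]
# Anchored single-line rules: each must describe the whole line.
ANCHORED = [r"^\s*certificate self-signed \S+\s*$",
            r"^\s+(?:[0-9A-F]{8} )*[0-9A-F]{2,8}\s*$",
            r"^\s*quit\s*$"]

START = re.compile(ANCHORED[0])
END = re.compile(ANCHORED[2])

def strip_cert_blocks(config):
    """Block-aware alternative: drop lines from 'certificate self-signed' through its 'quit'."""
    out, in_block = [], False
    for line in config.splitlines():
        if in_block:
            in_block = not END.match(line)   # the closing 'quit' is dropped too
        elif START.match(line):
            in_block = True
        else:
            out.append(line)
    return out

def changed(a, b, normalise):
    """True if the two configs differ after normalisation."""
    return normalise(a) != normalise(b)

if __name__ == "__main__":
    print(surviving(LOOSE, RUNNING))       # nothing left to compare
    print(surviving(ANCHORED, RUNNING))    # only the non-certificate lines
    print(changed(BASELINE, RUNNING, strip_cert_blocks))
    print(changed(BASELINE, RUNNING + "\nvlan 20", strip_cert_blocks))
```

The anchored `quit` and hex rules apply to every line of the config, so they also hide a `quit` or hex-only line anywhere else; the block-aware strip only drops lines between a `certificate self-signed` line and its closing `quit`, so unrelated changes still show up in the comparison.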