I do not have an answer, but I have a similar situation.
After checking for ACL compliance of a particular ACL, I want to report on any additional ACL assignments not already defined by the Policy rules.
I want to report on any added device ACL rules that are not part of the defined Cirrus ACL rules.
I do not know about a negation option within the RegEx engine, but I thought allowing the use of Boolean logic between defined rules would be beneficial.
The best solution I have been able to come up with is a pattern match across multiple lines (i.e. a block of text).
For an ACL, this means that you can include the remark at the top of the access list, and the deny any at the bottom. So for an ACL like this...
access-list 49 remark Management Server
You can create a rule like this...
access-list 49 remark Management Server\s+access-list 49 permit 10\.1\.1\.11\s+access-list 49 deny any
Not perfect, but without a true negation option it appears to be all we have.
Dave.
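The multi-line rule above, run against two sample configs, as an added example that is not from either poster or from SolarWinds. The function names and the sample device configs are constructed for illustration. It goes one step beyond the regex by listing the unapproved entries with a comparison done outside the regex engine, which also catches a line added before the remark, a case the block match alone misses.

```python
import re

# The multi-line rule from the post above, unchanged.
RULE = re.compile(
    r"access-list 49 remark Management Server\s+"
    r"access-list 49 permit 10\.1\.1\.11\s+"
    r"access-list 49 deny any"
)

# Approved entries for ACL 49, taken from the same rule.
APPROVED = [
    "access-list 49 remark Management Server",
    "access-list 49 permit 10.1.1.11",
    "access-list 49 deny any",
]

def block_matches(config):
    """True when the approved block appears contiguously (nothing inserted inside it)."""
    return RULE.search(config) is not None

def extra_entries(config, acl="49"):
    """Return ACL lines present in the config but absent from the approved list."""
    prefix = "access-list %s " % acl
    lines = [" ".join(line.split()) for line in config.splitlines()]
    return [l for l in lines if l.startswith(prefix) and l not in APPROVED]

# Constructed sample configs (not taken from a real device).
COMPLIANT = """\
hostname lab-rtr1
access-list 49 remark Management Server
access-list 49 permit 10.1.1.11
access-list 49 deny any
line vty 0 4
"""

DRIFTED = """\
hostname lab-rtr2
access-list 49 remark Management Server
access-list 49 permit 10.1.1.11
access-list 49 permit 192.0.2.50
access-list 49 deny any
line vty 0 4
"""

if __name__ == "__main__":
    for name, cfg in (("COMPLIANT", COMPLIANT), ("DRIFTED", DRIFTED)):
        print(name, "block match:", block_matches(cfg), "extra:", extra_entries(cfg))
```
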