This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

Policy Rule Creation - Blocks

Hi all,

I've been trying to create a policy rule that would look for the presence of the following statements (Cisco Devices):

line aux 0

     access-class 22 in

line vty 0 4

     access-class 22 in

The problem is that it's not recognizing "access-class 22 in" as a string that should exist in each block: it reports no violation as long as it finds it at least once in the config file, and I'm not sure what I did wrong. I tried playing with the parentheses but that didn't help. I tried multiple things, including the string matching that I'm showing in the attached image. I'd really appreciate your input!

  • Can anyone provide me with an answer or a suggestion, please?

  • Just put the entire block you need to verify in the string box and alert if there is not a match.

    Anything different (i.e. anything missing, extra or just plain different) will alert.

    (attached image: pastedImage_0.png)

    Sending a DM also.

    -CharlesH

    Loop1 Systems: SolarWinds Training and Professional Services

  • Thank you very much! Is there a way to apply a rule to only certain devices, for instance just Cisco Nexus devices? I know how to do that for an entire policy, but there's no option for just a rule?

  • Yes, you need a policy report still.  The Rules you build go into policies, and then you combine policies to generate a report.

    You can have a policy with a single rule, you can have a report with a single policy to set on any node you need.

    I would say if this rule coincides with another rule within an existing policy you might add the rule there.

    You can add a single rule to multiple policies, and you should be able to add policies to multiple reports.

    This structure allows you to build out general rules to apply across the board or help baseline if you desire, or make things very specific for one off or special type devices.

  • I just recently started working on compliance reports so I'm still learning how they work. This is a similar situation where I'm trying to check for the timeout statement in a rule I created for vty lines:

    line vty 0 4

    exec-timeout 60 0

    line vty 5 15

    exec-timeout 60 0

    I tried putting them all in one string as you suggested, but SolarWinds treats them as one and, of course, it gets flagged as a violation. If I separate them as I was doing, it would not flag them even if vty 0 4 had it but vty 5 15 didn't! Is there something else to try, or maybe I'm doing something wrong?

    (attached image: timeout.png)
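    The two questions above (access-class on the aux/vty lines, and exec-timeout on both vty ranges) are the same problem: a statement has to be present in every matching "line ..." block, and a single whole-config string or regex match cannot express that because it succeeds as soon as the text appears once anywhere. The script below is an added example and is not SolarWinds code or anything posted in this thread; it parses a constructed IOS-style running-config into its "line" blocks and checks each block separately, and it also shows why a literal multi-line pattern in the style of the one later in this thread breaks as soon as another statement sits between the expected lines. The sample config, the block-name pattern and the required statements are assumptions chosen for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread). "line vty 5 15"
# deliberately lacks both access-class and exec-timeout so a per-block check
# must report it, while a whole-config search still finds the strings once.
SAMPLE_CONFIG = """\
!
line con 0
 exec-timeout 60 0
 login local
line aux 0
 access-class 22 in
 exec-timeout 60 0
line vty 0 4
 access-class 22 in
 exec-timeout 60 0
 login local
line vty 5 15
 login local
!
"""


def parse_line_blocks(config):
    """Split a config into {'line vty 0 4': ['access-class 22 in', ...], ...}.

    A block starts at a column-0 'line ...' statement and collects the indented
    statements under it. Any other column-0 command, a '!' or a blank line ends
    the current block. Other top-level sections are ignored.
    """
    blocks = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith('!'):
            current = None
            continue
        if raw.startswith('line '):
            current = raw.strip()
            blocks[current] = []
        elif raw[0] in ' \t' and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def check_required(blocks, block_pattern, required):
    """Return (block_name, missing_statement) for every block whose name fully
    matches block_pattern and which lacks one of the required statements.

    Whitespace inside statements is normalised, so an extra space copied from a
    web page or a spreadsheet does not cause a false violation.
    """
    def norm(s):
        return ' '.join(s.split())

    want = [norm(r) for r in required]
    violations = []
    for name, stmts in blocks.items():
        if not re.fullmatch(block_pattern, name):
            continue
        have = {norm(s) for s in stmts}
        for w in want:
            if w not in have:
                violations.append((name, w))
    return violations


def naive_whole_config_match(config, pattern):
    """The behaviour the thread complains about: one regex over the whole
    config is satisfied as soon as the pattern occurs anywhere, once."""
    return re.search(pattern, config, re.MULTILINE) is not None


if __name__ == '__main__':
    blocks = parse_line_blocks(SAMPLE_CONFIG)
    # Assumed policy: every aux and vty line must carry both statements.
    for name, missing in check_required(
            blocks, r'line (vty|aux) .*',
            ['access-class 22 in', 'exec-timeout 60 0']):
        print(f'VIOLATION: {name} is missing "{missing}"')
    # Whole-config search passes although vty 5 15 is non-compliant.
    print('whole-config access-class found:',
          naive_whole_config_match(SAMPLE_CONFIG, r'^ access-class 22 in$'))
    # A literal multi-line pattern fails because other statements sit between
    # the lines it expects to be adjacent.
    print('literal block pattern found:', naive_whole_config_match(
        SAMPLE_CONFIG,
        r'line vty 0 4\s+exec-timeout 60 0\s+line vty 5 15\s+exec-timeout 60 0'))
```

    Run against a real "show running-config" dump instead of SAMPLE_CONFIG to get a per-block list of what is missing; the block pattern can be narrowed (for example r'line vty .*') when only the vty ranges are in scope.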

  • Okay, I had to recreate your issue and was able to.

    If I did a copy and paste it seemed to pick up extra characters. I tried to retype the block a couple of times and it kept giving an error or failing to see the block properly. So I viewed the last config DL'ed, copied the block, and got this (table form and all):

    150: !
    151: line con 0
    152: line vty 0 4
    153:  login local
    154: line vty 5 15
    155:  login local
    156: !

    Then I pasted this into Excel, copied just the 2nd column and pasted that into Notepad, then copied from Notepad into the web GUI and set up the block.

    Then it worked. I then removed the bottom "!", then the top one, and then the "line con 0"... and it worked at every step.

    I am not sure what other characters it grabbed, because when I typed this in it failed the first time also. Honestly I have never had that much trouble setting up a rule in this manner. I am just glad that I was able to confirm it is still working. LMK if you continue to have issues on your end. Send me a DM if you need.

    End result:

    (attached image: pastedImage_0.png)

  • I really appreciate the fact that you tried it yourself :) Unfortunately, it didn't work for me. What's interesting too is that I used this (below) as a regex and it still failed, showing me exactly what I typed and telling me it failed to find it!

    line vty 0 4\s+exec-timeout 60 0\s+line vty 5 15\s+exec-timeout 60 0

    Could this possibly be a bug? I don't think it's supposed to behave this way!

    I did another test trying to figure out what is going on. I upped my logging and ran a test again. I found that even one missing space will make this fail. So I duplicated the text and spacing exactly (put the space back in on line 2) and it confirmed the violation. In my logs on each test I see "output: empty" at the end of the run, no errors, and no different log entries for violation or no violation in NcmBusinessLayerPlugin.log.

    So if you do copy/paste use notepad to remove any 'extra' formatting, or type it into the text field exactly as it reads from the device when you show running-config.

    Let me know if that changes anything.

  • Yeah, that's what I thought too. I tried before, and I tried once again, manually and by copying and pasting from Notepad as you suggested, yet it keeps throwing the same stuff back at me. As a matter of fact, it seems like the non-advanced config search is broken, since it doesn't even process single lines of regex: all the outputs come out exactly as they were entered!

  • Okay, if you have not turned up logging for NCM, and specifically for Policies, you might try that. I did not get much in my tests, so you may have to apply the rule to the device to pick up a clear error. Just hit me back with anything else you find...

    Maybe active diagnostics will turn something up once the rule is set.