Compliance Reports and RegEx Doc? Also, RegEx/Compliance rule matching for network devices?

I've seen on different threads that there was a certain RegEx doc or cheat sheet of sorts through Google, but when I click on the link, it resolves to a page not found. Would anyone happen to have that file on this thread somewhere?

I've started navigating through compliance reports through the NCM and attempting to automate the STIG process for network devices and am having a tough time trying to ensure that the rules created work as they should. My knowledge is very weak on the programming/scripting side of network engineering.

My current issue is that I'm trying to have a rule that looks for any config that contains the line "switchport access vlan 1" and end up getting multiple returns with devices that have, let's say "switchport access vlan 125", "139", etc. How do I type out the string or RegEx to only match just VLAN 1 and nothing else?

  • If there's nothing else that could be on that line you can throw $ on the end since that indicates end of the line, alternatively maybe \s+ to indicate that there is a line break or white space after the vlan 1
  • The website I use to test my times is regexr.com, just paste my config in there and then use the guidance on the left to figure out my expression and it highlights matches as we go.
  • Just search for regular expression cheat sheet and find one that you like, they're all pretty good.  

    Many STIG compliance rules don't "anchor" enough stuff, which means defining where the search starts, like at a beginning of a line, and where it ends, like at EOL.   A simple string match, instead of a regular expression match, cannot anchor at all really, it just looks for the text on a line.

    Common regex anchors include the "^", also known as caret or some call it a "ref", which can anchor things at the beginning of a line, and the "$" which anchors things to the end of a line. However, I've noticed in SW that "$" tends to work great when you are testing a rule, but not when you implement it. Others have said this might be specific to config types, such as Cisco. If "$" doesn't work, use "\r" instead, which works for me really well most times (when not testing that is!)...

    So, to do a good check for a switchport on vlan 1, you would do a regex search for "^switchport access vlan 1\r".

    Of course on some devices, with this being the "default", it wouldn't actually show up in the config. In which case you might need to look for a switchport that doesn't have anything set at all, i.e. something that isn't a trunk, but doesn't have a "switchport access" command on it.

  • Thank you for this response! I would've responded sooner but THWACK is god awful slow during core hours and I've been quite busy on SolarWinds as it is. I will definitely test using the caret and "\r" for these types of instances, but oddly enough, I've tried many characters to isolate VLAN 1. It turns out that the apostrophe on both sides of "1" actually did the trick while making the string type RegEx. SolarWinds is such a frustrating app to work with, I'm sure you can sympathize lol.
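
The anchoring behaviour discussed in the replies above, as an added example that is not part of the original thread and is not SolarWinds NCM rule syntax. It uses Python's `re` module as a stand-in regex engine, and it goes one step further than the thread by also flagging non-trunk ports that carry no "switchport access vlan" line at all. Assumptions: the sample config is constructed, it is stored with CRLF line endings, and interface lines are indented as Cisco IOS prints them.

```python
import re

# Constructed sample config (not from a real device). CRLF line endings are an
# assumption about how the config text reaches the rule engine.
SAMPLE = "\r\n".join([
    "interface GigabitEthernet0/1",
    " switchport mode access",
    " switchport access vlan 1",
    "!",
    "interface GigabitEthernet0/2",
    " switchport mode access",
    " switchport access vlan 125",
    "!",
    "interface GigabitEthernet0/3",
    " switchport mode access",
    "!",
    "interface GigabitEthernet0/4",
    " switchport mode trunk",
    "!",
    "",
])

# Plain substring-style match: also hits "vlan 125".
UNANCHORED = re.compile(r"switchport access vlan 1")
# "$" alone: in multiline mode it matches only before "\n", so a trailing "\r" defeats it.
DOLLAR_ONLY = re.compile(r"^\s*switchport access vlan 1$", re.M)
# Anchored at both ends, tolerating indentation and an optional "\r".
ANCHORED = re.compile(r"^[ \t]*switchport access vlan 1[ \t]*\r?$", re.M)
EXPLICIT_VLAN = re.compile(r"^[ \t]*switchport access vlan \d+[ \t]*\r?$", re.M)
TRUNK = re.compile(r"^[ \t]*switchport mode trunk[ \t]*\r?$", re.M)

def interface_blocks(config):
    """Yield (name, body) for each 'interface ...' block up to the next '!' line."""
    pattern = r"^interface (\S+)\r?\n(.*?)(?=^!|\Z)"
    for m in re.finditer(pattern, config, re.M | re.S):
        yield m.group(1), m.group(2)

def ports_on_vlan1(config):
    """Non-trunk ports on VLAN 1, set explicitly or left at the default by omission."""
    hits = []
    for name, body in interface_blocks(config):
        if TRUNK.search(body):
            continue
        if ANCHORED.search(body) or not EXPLICIT_VLAN.search(body):
            hits.append(name)
    return hits
```

Interfaces that are neither trunk nor access ports (routed ports, for example) would also be reported by `ports_on_vlan1`, so a production rule would need to exclude them.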