9 Replies Latest reply on Dec 12, 2016 3:11 PM by rschroeder

    NCM regex help

    evilgoat

      Hello everyone,

       

      I've been tinkering with NCM for a while now and while the regex used in the config block start/end bits works exactly as expected, sometimes the expressions used in the config search block yield unexpected results.

       

      ex: this is the bit of configuration that has the AAA commands

       

       

      I run the following rule against this:

       

       

       

      and these are the places where according to the rule AAA_GROUP_ETSADMIN was found:

       

      but as you can see from the config the line containing command 1 should not match, yet it does, whatever I do.

       

      Could anyone explain what I'm doing wrong?

        • Re: NCM regex help
          evilgoat

          also, if i test the rule on the exact same config, it works perfectly:

           

           

            • Re: NCM regex help
              CourtesyIT

              evilgoat

               

              It looks like the rule is finding what you are looking for.  Can you help me understand what it is you expect to see after this rule is in the 'not violated' state?

                • Re: NCM regex help
                  CourtesyIT

                  I would start my config block at:

                   

                  ^aaa new-model

                   

                  end my config block at:

                  ^!

                   

                  for cisco devices.

                    • Re: NCM regex help
                      evilgoat

                      I don't want to look at the entire config block of AAA, I want to look at specific lines of AAA, which is why I was trying to make the config be one line, specifically the ones starting with ^aaa accounting and ending with the end of line character.

                       

                      I think we figured it out though, at least partially. Still can't decide if it's a bug or not but basically, a config block can't be a single line, by default NCM seems to look for the config block end at least one line below the config block start.

                       

                      This also combines with the fact that when you match a regex expression on a line, that entire line gets matched.

                      So, for example in a configuration that looks like:

                       

                      aaa accounting exec default start-stop group etsadmin

                      aaa accounting commands 1 default start-stop group etsadmin

                      aaa accounting commands 2 default start-stop group AAA_GROUP_ETSADMIN

                      aaa accounting commands 3 default start-stop group AAA_GROUP_ETSADMIN

                      aaa accounting commands 15 default start-stop group etsadmin

                       

                      there is no way for me to start the config block from the word 'exec' on the first line, even if i make the config start line be: 'exec default .*' this will match the entire line, including the 'aaa accounting' bit that is before 'exec default .*'

                       

                      same way, the config block end of (\r|\n), will match the entire line it's found on, not only up to the expression.

                       

                      so what I was doing in my example was looking for '*AAA_GROUP_ETSADMIN.*' in the following config blocks:

                       

                      aaa accounting exec default start-stop group etsadmin

                      aaa accounting commands 1 default start-stop group etsadmin

                      --------------------------------------------------------------------------------------

                      aaa accounting commands 1 default start-stop group etsadmin

                      aaa accounting commands 2 default start-stop group AAA_GROUP_ETSADMIN

                      --------------------------------------------------------------------------------------

                      aaa accounting commands 2 default start-stop group AAA_GROUP_ETSADMIN

                      aaa accounting commands 3 default start-stop group AAA_GROUP_ETSADMIN

                      --------------------------------------------------------------------------------------

                      aaa accounting commands 3 default start-stop group AAA_GROUP_ETSADMIN

                      aaa accounting commands 15 default start-stop group etsadmin

                       

                      and evidently it was finding it 3 times.

                       

                       

                       

                      now, what I would really like to know is, if there is any way to make a config block be one single line.

                • Re: NCM regex help
                  rschroeder

                  I confess I'm not familiar with that query, but it looks like you've told it to search for something with "dots" in it.  But the actual lien does not have any dots.  Could that be why the query doesn't return what you expect?

                   

                    • Re: NCM regex help
                      evilgoat

                      a dot represents any one character and a star means the previous character 0 or more times. so basically .* matches anything (even nothing) and the entire string would express 'find AAA_GROUP_ETSADMIN preceded and followed by anything'

                        • Re: NCM regex help
                          rschroeder

                          Thank you.

                           

                          I mistakenly thought the first "dot" meant the pattern must only begin with a dot, then the asterisk indicated any character was allowed between the dot and the AAA.  And later, the search would only return results if the phrase was terminated by a dot followed by any character.

                           

                          I appreciate the knowledge share.