2 Replies Latest reply on Jun 14, 2017 10:07 AM by rschroeder

    What variables/macros are available in the Remediation script section of a Policy Rule?

    desertmoose

      When you check the box, "Run script on each config block in violation", it automatically adds a variable at the top "${ConfigBlockStartLine}".

       

      Is there a list somewhere of other variables we can use in a remediation script?

        • Re: What variables/macros are available in the Remediation script section of a Policy Rule?
          jkrenzien

          I haven't seen a full list of available variables confirmed to work in a remediation script. However, all of the variables that are available in a standard NCM script should be available there (see page 115 in the admin guide for the command script section). If you need complexity, you will want to look at the config change templates.

          • Re: What variables/macros are available in the Remediation script section of a Policy Rule?
            rschroeder

            Anything you can run from a normal CLI console / SSH session to a switch or router or firewall can be run in a remediation script.

             

            Figure out exactly what you'd do manually to achieve the remediation, then save those commands and paste them into the remediation script window and have NCM perform the remediation automatically on any device that doesn't pass your Compliance rules.

             

            Just remember that NCM is not intelligent; it will do exactly as you say, to every device that fails a Compliance check.  You've got the ability to save yourself a LOT of manual work this way, but at the same time you've got to recognize NCM could also cause you a lot of work, if you inadvertently have it do something inappropriate to any of your devices.  Check, double-check, triple-check before enabling automatic remediation scripts, and then ensure you have recent / solid backups of every device's configurations so you can restore or compare current configs to past configs in the event that a remediation script causes unintended / unexpected problems.