2 Replies Latest reply on Mar 16, 2018 1:47 PM by allenspoon

    Cisco ACL Compliance Check

    allenspoon

      We are trying to build a compliance rule to check for a "log" statement at the end of each permit statement of an access-list. The entries in the ACL are different for each device but all entries must have the "log" at the end.


      For Example, this device should flag because one line is missing the "log" statement:

      access-list 25 permit 192.168.207.48 log

      access-list 25 permit 192.168.207.49 log

      access-list 25 permit 192.168.207.47 log

      access-list 25 permit 192.168.205.205 log

      access-list 25 permit 192.168.205.206 log

      access-list 25 permit 192.168.2.1

      access-list 25 permit 192.168.206.170 log

      access-list 25 permit 192.168.248.96 0.0.0.31 log


      While this other device, using the same ACL 25 with different entries, shouldn't flag:

      access-list 25 permit 192.168.205.205 log

      access-list 25 permit 192.168.205.206 log

      access-list 25 permit 192.168.182.169 log

      access-list 25 permit 192.168.95.20 log

      access-list 25 permit 192.168.248.96 0.0.0.31 log


      Here's what I have now. I think I'm close but can't quite get there:

        • Re: Cisco ACL Compliance Check
          jkrenzien

          I think you are very close. The following might help:

          Search only for a config block (regex)

          Start:

               ^access-list 25 permit.*

          End:

               (\n|\r)


          Then in the string section put 'log'


          This should find all access-list 25 permit statements that don't have the word log in the line after the word permit. You may also be able to remediate each line (run script on each config block in violation), but that would depend on the structure of the ACL and if order would have any effect on it.

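As an added, stand-alone version of the check discussed in this thread (not code from either poster or from the compliance tool itself): a Python checker that applies the same two-step idea, match every `access-list 25 permit` line, then require `log` as the final keyword, and runs it over the two device configs quoted in the question. The ACL number and the sample configs are taken from the question; the function names are my own.

```python
import re
from typing import List

# Same idea as the "config block" regex in the reply: match a standard ACL
# permit entry and capture everything after "permit" so the trailing
# keyword can be inspected.
ACL_PERMIT = re.compile(r"^access-list\s+(?P<num>\d+)\s+permit\s+(?P<rest>.*)$")


def find_unlogged_permits(config: str, acl_number: int = 25) -> List[str]:
    """Return every 'access-list <acl_number> permit ...' line whose last
    keyword is not 'log'. Other ACL numbers, deny entries and remarks are
    ignored, so per-device differences in the entries do not matter."""
    violations = []
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_PERMIT.match(line)
        if not m or int(m.group("num")) != acl_number:
            continue
        tokens = m.group("rest").split()
        # 'log' must be the final keyword, not merely present somewhere in the line
        if not tokens or tokens[-1] != "log":
            violations.append(line)
    return violations


def device_is_compliant(config: str, acl_number: int = 25) -> bool:
    """A device passes only when none of its ACL permit entries lack 'log'."""
    return not find_unlogged_permits(config, acl_number)


# Constructed samples: the two device snippets from the question above.
DEVICE_A = """\
access-list 25 permit 192.168.207.48 log
access-list 25 permit 192.168.207.49 log
access-list 25 permit 192.168.207.47 log
access-list 25 permit 192.168.205.205 log
access-list 25 permit 192.168.205.206 log
access-list 25 permit 192.168.2.1
access-list 25 permit 192.168.206.170 log
access-list 25 permit 192.168.248.96 0.0.0.31 log
"""

DEVICE_B = """\
access-list 25 permit 192.168.205.205 log
access-list 25 permit 192.168.205.206 log
access-list 25 permit 192.168.182.169 log
access-list 25 permit 192.168.95.20 log
access-list 25 permit 192.168.248.96 0.0.0.31 log
"""

if __name__ == "__main__":
    for name, cfg in (("device A", DEVICE_A), ("device B", DEVICE_B)):
        bad = find_unlogged_permits(cfg)
        print(f"{name}: {'VIOLATION' if bad else 'COMPLIANT'}", bad)
```

Device A is reported with the single entry `access-list 25 permit 192.168.2.1`, device B passes.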