5 Replies Latest reply on Jul 18, 2019 2:26 PM by jrouviere

    Create New Job in NCM

    kingdwight

      Hi All,

       

      I thought this would be simple to do in NCM but I can't figure out how.

       

      We are trying to run a "show version" job across all our Cisco devices that will show us if we have any IOS XE out there and the version number.  The problem is that Cisco can list the version as Cisco IOS XE or IOS-XE.  If we run a job with " Cisco IOS XE" we get some results and when we run " Cisco IOS-XE" we get other results.  I would like to run a "" that matches "Cisco IOS XE" OR "IOS-XE".  Is there an easy way to do this?  And we would rather not do a regex for one character as we may look for other differences in the future.

       

      Additionally we would then like to run a "show running-config | include ip http server|secure-server" in the same job to see if any of those devices have http enabled.  Currently we don't know of a way to run both "show version" AND "show running-config | include ip http server|secure-server" in the same job while searching for "Cisco IOS XE" OR "IOS-XE" from the first line "show version" 

       

      Has anyone here run a similar type of job that can point us in the right direction?

       

      Thank you,

      Dwight

        • Re: Create New Job in NCM
          jrouviere

          It looks like that should support regex, so you can use (a|b) to filter for A or B or you can use [ab] to do the same in theory.

           

          For your case I would try "Cisco IOS(-XE| XE)", I'm not amazing with regex so you may want to play around with it some, or there might be a way to do it with just the space and dash like "Cisco IOS(\s|-)XE".

          1 of 1 people found this helpful
          • Re: Create New Job in NCM
            HerrDoktor

            Do you need further info on this, did it work out as jrouviere and myself suggested?

              • Re: Create New Job in NCM
                kingdwight

                Thank you jrouviere and HerrDoktor for responding.

                 

                I think I may not have been clear when I created the post (I was in a bit of a rush).  The need was based on a vulnerability found in Cisco devices running IOS XE AND have http or https enabled.  So we were looking for a way to generate a report for all devices that run Cisco IOS XE AND then find "ip http server|secure-server" in it's running config, if it exists. So RegEx definitely helps with the show ver command and will give us a list of devices that run Cisco IOS XE but we are still left not knowing if the devices listed have http running.  We wanted to be able to do both in one script.  Is there a way to do both in one script?

                 

                I hope this helps clear up the request.

                 

                 

                  • Re: Create New Job in NCM
                    jrouviere

                    Yep, wow. Not sure how I managed to gloss over the http part. I think I assumed you were just trying to get that little extra for the version and focused in on that.

                     

                    Reviewing the Regex examples that are linked to the Job Specific Details part of the job:

                     

                    Filter the results of an executed script

                     

                    It looks like you do have some options to regex multiple lines.

                     

                    One thing stuck out:

                     

                    service tcp-keepalives-in.*\n(.*\n)*.*service tcp-keepalives-out

                    Finds the first line service tcp-keepalives-in and then looks for service tcp-keepalives-out on any line after that. The regular expression string .*\n(.*\n)*.* is used to search any number of lines between strings.

                     

                    So I don't know 100% what your output is that you're looking for, but you can run the commands both in the same job, just list them one after the other:

                     

                    show version

                    show running-config | include ip http server|secure-server

                     

                    (In hindsight if there's a way to just target the job to the specific devices that might solve the Show Version part of it).

                     

                    Then the regex would be something like:

                     

                    Cisco IOS(-XE| XE).*\n(.*\n)*.*secure-server http enabled

                     

                    You may need to play with that some, but that should get you in the same zip code. The first part of it is a total guess on my part, but hopefully you can extrapolate from the above examples and the link. You'd need to put in what the actual string returned is.