• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 26 subscribers
  • Views 666 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Create New Job in NCM

kingdwight

Hi All,

I thought this would be simple to do in NCM but I can't figure out how.

We are trying to run a "show version" job across all our Cisco devices that will show us if we have any IOS XE out there and the version number.  The problem is that Cisco can list the version as Cisco IOS XE or IOS-XE.  If we run a job with "Filter results that match a pattern: Cisco IOS XE" we get some results and when we run "Filter results that match a pattern: Cisco IOS-XE" we get other results.  I would like to run a "Filter results that match a pattern:" that matches "Cisco IOS XE" OR "IOS-XE".  Is there an easy way to do this?  And we would rather not do a regex for one character as we may look for other differences in the future.

Additionally we would then like to run a "show running-config | include ip http server|secure-server" in the same job to see if any of those devices have http enabled.  Currently we don't know of a way to run both "show version" AND "show running-config | include ip http server|secure-server" in the same job while searching for "Cisco IOS XE" OR "IOS-XE" from the first line "show version" 

Has anyone here run a similar type of job that can point us in the right direction?

Thank you,

Dwight

  • 0

    It looks like that should support regex, so you can use (a|b) to filter for A or B or you can use [ab] to do the same in theory.

    For your case I would try "Cisco IOS(-XE| XE)", I'm not amazing with regex so you may want to play around with it some, or there might be a way to do it with just the space and dash like "Cisco IOS(\s|-)XE".

  • 0 in reply to jrouviere

    jrouviere​ is correct, the "Filter Results that match a pattern" option has RegEx capabilities, examples can be found here: Filter the results of an executed script

    I personally would not run a "show running config" via Script as this is used anyway by the nightly backup job.

    so for your https Server you could run a compliance report instead.

    hope that helps

  • 0

    Do you need further info on this, did it work out as jrouviere​ and myself suggested?

  • 0 in reply to HerrDoktor

    Thank you jrouviere and HerrDoktor for responding.

    I think I may not have been clear when I created the post (I was in a bit of a rush).  The need was based on a vulnerability found in Cisco devices running IOS XE AND have http or https enabled.  So we were looking for a way to generate a report for all devices that run Cisco IOS XE AND then find "ip http server|secure-server" in it's running config, if it exists. So RegEx definitely helps with the show ver command and will give us a list of devices that run Cisco IOS XE but we are still left not knowing if the devices listed have http running.  We wanted to be able to do both in one script.  Is there a way to do both in one script?

    I hope this helps clear up the request.

  • 0 in reply to kingdwight

    Yep, wow. Not sure how I managed to gloss over the http part. I think I assumed you were just trying to get that little extra for the version and focused in on that.

    Reviewing the Regex examples that are linked to the Job Specific Details part of the job:

    Filter the results of an executed script

    It looks like you do have some options to regex multiple lines.

    One thing stuck out:

    service tcp-keepalives-in.*\n(.*\n)*.*service tcp-keepalives-out

    Finds the first line service tcp-keepalives-in and then looks for service tcp-keepalives-out on any line after that. The regular expression string .*\n(.*\n)*.* is used to search any number of lines between strings.

    So I don't know 100% what your output is that you're looking for, but you can run the commands both in the same job, just list them one after the other:

    show version

    show running-config | include ip http server|secure-server

    (In hindsight if there's a way to just target the job to the specific devices that might solve the Show Version part of it).

    Then the regex would be something like:

    Cisco IOS(-XE| XE).*\n(.*\n)*.*secure-server http enabled

    You may need to play with that some, but that should get you in the same zip code. The first part of it is a total guess on my part, but hopefully you can extrapolate from the above examples and the link. You'd need to put in what the actual string returned is.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.