This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NCM Policy Rules / Regex Help

I'm trying to build a rule to match within a config block, that will report if any bgp neighbor does not have bgp authentication. The issue I am having is if within the config block there are multiple BGP neighbors, as long as one neighbor has authentication, it wont report any violation.

NO VIOLATION EXAMPLE:
router bgp 65000

bgp log-neighbor-changes

bgp default local-preference 200

network 10.1.1.1 mask 255.255.255.255

neighbor 10.1.1.142 remote-as 65000

neighbor 10.1.1.142 password saldjfalsdjfasdfj

neighbor 10.1.1.142 next-hop-self

neighbor 10.1.1.150 remote-as 65008

neighbor 10.1.1.150 password wqersadfasdfasf

neighbor 10.1.1.150 next-hop-self

maximum-paths ibgp 2

!

VIOLATION EXAMPLE:

router bgp 65000

bgp log-neighbor-changes

bgp default local-preference 200

network 10.1.1.1 mask 255.255.255.255

neighbor 10.1.1.142 remote-as 65000

neighbor 10.1.1.142 next-hop-self

neighbor 10.1.1.150 remote-as 65008

neighbor 10.1.1.150 password wqersadfasdfasf

neighbor 10.1.1.150 next-hop-self

maximum-paths ibgp 2

!

Unfortunately my policy is not triggering on what should be a policy, because there is at least one match, it does however report the violation if no BGP neighbors have authentication.

Here is my Regex:
String is NOT Found
must contain: (^\s+neighbor 10.*remote-as.*\n
and
must contain: ^\s+neighbor 10.*password.*\n)

In config block
Begin: router bgp
End: !


I have tried doing it as a single line in the must contain, and separated and joined with parenthesis, same result with both methods.









  • The "problem" here is, that you need to take the matching string that you found with your regEx (e.g. neighbor 10.1.1.142 = $String)  and find the exact same string as a prefix with a trailing password -> "$String password"

    I haven't had the need for this in the past and I am no expert on regEx, but this might give you a starting point where to look further.