I'm trying to build a rule to match within a config block that will report if any BGP neighbor does not have BGP authentication. The issue I am having is that if there are multiple BGP neighbors within the config block, as long as one neighbor has authentication, it won't report any violation.
NO VIOLATION EXAMPLE:
router bgp 65000
bgp log-neighbor-changes
bgp default local-preference 200
network 10.1.1.1 mask 255.255.255.255
neighbor 10.1.1.142 remote-as 65000
neighbor 10.1.1.142 password saldjfalsdjfasdfj
neighbor 10.1.1.142 next-hop-self
neighbor 10.1.1.150 remote-as 65008
neighbor 10.1.1.150 password wqersadfasdfasf
neighbor 10.1.1.150 next-hop-self
maximum-paths ibgp 2
!
VIOLATION EXAMPLE:
router bgp 65000
bgp log-neighbor-changes
bgp default local-preference 200
network 10.1.1.1 mask 255.255.255.255
neighbor 10.1.1.142 remote-as 65000
neighbor 10.1.1.142 next-hop-self
neighbor 10.1.1.150 remote-as 65008
neighbor 10.1.1.150 password wqersadfasdfasf
neighbor 10.1.1.150 next-hop-self
maximum-paths ibgp 2
!
Unfortunately, my policy is not triggering on what should be a policy because there is at least one match. It does, however, report the violation if no BGP neighbors have authentication.
Here is my Regex:
String is NOT Found
must contain: (^\s+neighbor 10.*remote-as.*\n
and
must contain: ^\s+neighbor 10.*password.*\n)
In config block
Begin: router bgp
End: !
I have tried doing it as a single line in the must contain, and separated and joined with parentheses, with the same result from both methods.
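The per-neighbor check described in the post, as an added example that is not part of the original post or of any compliance tool: it groups the `neighbor` lines of each `router bgp` block by address and reports every neighbor that has `remote-as` but no `password`. The function names are hypothetical, and the sample is the post's VIOLATION EXAMPLE, abridged and re-indented.

```python
import re
from collections import defaultdict

# Constructed sample: the VIOLATION EXAMPLE block from the post, abridged and re-indented.
SAMPLE = """\
router bgp 65000
 bgp log-neighbor-changes
 neighbor 10.1.1.142 remote-as 65000
 neighbor 10.1.1.142 next-hop-self
 neighbor 10.1.1.150 remote-as 65008
 neighbor 10.1.1.150 password wqersadfasdfasf
 neighbor 10.1.1.150 next-hop-self
 maximum-paths ibgp 2
!
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S+)")

def bgp_blocks(config):
    """Yield (header, body_lines) for each block from 'router bgp' to an unindented '!'."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith("router bgp"):
            header, body = line.strip(), []
        elif header is not None and line.rstrip() == "!":
            yield header, body
            header = None
        elif header is not None:
            body.append(line)
    if header is not None:  # block that ran to end of file without '!'
        yield header, body

def neighbors_without_password(config):
    """Return sorted (block header, neighbor) pairs with remote-as but no password."""
    missing = []
    for header, body in bgp_blocks(config):
        seen = defaultdict(set)  # neighbor address -> keywords configured for it
        for line in body:
            m = NEIGHBOR.match(line)
            if m:
                seen[m.group(1)].add(m.group(2))
        missing += [(header, n) for n, kw in seen.items()
                    if "remote-as" in kw and "password" not in kw]
    return sorted(missing)

if __name__ == "__main__":
    for header, neighbor in neighbors_without_password(SAMPLE):
        print(f"{header}: neighbor {neighbor} has no password")
```

A neighbor that inherits its password from a peer-group would be reported by this sketch, because only lines that name the neighbor's own address are counted.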