1 Reply Latest reply on Jul 10, 2019 10:01 AM by HerrDoktor

    NCM Policy Rules / Regex Help

    cmiller123

      I'm trying to build a rule to match within a config block, that will report if any BGP neighbor does not have BGP authentication. The issue I am having is if within the config block there are multiple BGP neighbors, as long as one neighbor has authentication, it won't report any violation.

      NO VIOLATION EXAMPLE:
      router bgp 65000
      bgp log-neighbor-changes
      bgp default local-preference 200
      network 10.1.1.1 mask 255.255.255.255
      neighbor 10.1.1.142 remote-as 65000
      neighbor 10.1.1.142 password saldjfalsdjfasdfj
      neighbor 10.1.1.142 next-hop-self
      neighbor 10.1.1.150 remote-as 65008
      neighbor 10.1.1.150 password wqersadfasdfasf
      neighbor 10.1.1.150 next-hop-self
      maximum-paths ibgp 2
      !

      VIOLATION EXAMPLE:
      router bgp 65000
      bgp log-neighbor-changes
      bgp default local-preference 200
      network 10.1.1.1 mask 255.255.255.255
      neighbor 10.1.1.142 remote-as 65000
      neighbor 10.1.1.142 next-hop-self
      neighbor 10.1.1.150 remote-as 65008
      neighbor 10.1.1.150 password wqersadfasdfasf
      neighbor 10.1.1.150 next-hop-self
      maximum-paths ibgp 2
      !

      Unfortunately, my policy is not triggering on what should be a policy, because there is at least one match. It does, however, report the violation if no BGP neighbors have authentication.

      Here is my Regex:
      String is NOT Found
      must contain: (^\s+neighbor 10.*remote-as.*\n
      and
      must contain: ^\s+neighbor 10.*password.*\n)

      In config block
      Begin: router bgp
      End: !


      I have tried doing it as a single line in the must contain, and separated and joined with parentheses, same result with both methods.

        • Re: NCM Policy Rules / Regex Help
          HerrDoktor

          The "problem" here is that you need to take the matching string that you found with your regEx (e.g. neighbor 10.1.1.142 = $String) and find the exact same string as a prefix with a trailing password -> "$String password"

           

          I haven't had the need for this in the past and I am no expert on regEx, but this might give you a starting point where to look further.
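
The per-neighbor check suggested in the reply, as an added example that is not part of the original thread: every neighbor declared with `remote-as` is looked up against the `password` lines of the same `router bgp` block, first with two passes and then as a single regex that uses a backreference inside a negative lookahead. The sample config is constructed from the blocks in the question, with one space of indentation assumed; the function names are hypothetical, and whether NCM's rule engine accepts a backreference inside a lookahead is not verified here.

```python
import re

# Constructed sample: the compliant block from the question (IOS-style indent assumed).
COMPLIANT = """\
router bgp 65000
 bgp log-neighbor-changes
 neighbor 10.1.1.142 remote-as 65000
 neighbor 10.1.1.142 password saldjfalsdjfasdfj
 neighbor 10.1.1.142 next-hop-self
 neighbor 10.1.1.150 remote-as 65008
 neighbor 10.1.1.150 password wqersadfasdfasf
 neighbor 10.1.1.150 next-hop-self
 maximum-paths ibgp 2
!
"""
# Violation case from the question: 10.1.1.142 loses its password line.
VIOLATING = COMPLIANT.replace(" neighbor 10.1.1.142 password saldjfalsdjfasdfj\n", "")

# Same block boundaries as the rule in the question: begin "router bgp", end "!".
BGP_BLOCK = re.compile(r"^router bgp .*?^!", re.M | re.S)
PEER = re.compile(r"^[ \t]+neighbor (\S+) remote-as\b", re.M)
AUTH = re.compile(r"^[ \t]+neighbor (\S+) password\b", re.M)
# Single-pattern form: a remote-as line whose neighbor (\1) has no later password line.
NO_AUTH = re.compile(
    r"^[ \t]+neighbor (\S+) remote-as\b(?![\s\S]*^[ \t]+neighbor \1 password\b)", re.M)

def unauthenticated_neighbors(config):
    """Return neighbors declared with remote-as that have no password line."""
    missing = []
    for block in BGP_BLOCK.findall(config):
        with_auth = set(AUTH.findall(block))
        missing += [n for n in PEER.findall(block) if n not in with_auth]
    return missing

def unauthenticated_neighbors_regex(config):
    """Same check as one regex applied to each extracted block."""
    return [n for block in BGP_BLOCK.findall(config) for n in NO_AUTH.findall(block)]

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("violating", VIOLATING)):
        print(name, unauthenticated_neighbors(cfg), unauthenticated_neighbors_regex(cfg))
```

Neighbors that inherit their password from a peer-group are not handled by this sketch and would need the peer-group's own `password` line resolved first.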