3 Replies Latest reply on Nov 6, 2019 1:27 PM by doug.sirek

    NCM Compliance - Policy Rule Variables

    doug.sirek

      Is there a way to pass variables (i.e. custom properties for the node) into the string matching section (similar to what you can do in NCM scripting ${Custom_Property_Name}? We want to be able to check for site specific routes on core switches and it seems this feature is lacking in the string matching section.

        • Re: NCM Compliance - Policy Rule Variables
          jadey

          I would like to take is a step further and include the ability to run a configuration template like script.  The script would return the search pattern to look for.

           

          /*

          .CHANGE_TEMPLATE_DESCRIPTION

                  Configure device hostname

          .CHANGE_TEMPLATE_TAGS

          Cisco

          .PLATFORM_DESCRIPTION

                  Cisco IOS

          .PARAMETER_LABEL @ContextNode

                  NCM Node

          .PARAMETER_DESCRIPTION @ContextNode

                  The node the template will operate on.  All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.

          */

          script SearchScript ( NCM.Nodes @ContextNode )

          {

            int @SearchLocation = indexof(@ContextNode.SysName, '.')

            if (@SearchLocation == 0)

            {

               @SearchLocation = StrLength(@ContextNode.SysName)

            } else {

               @SearchLocation = @SearchLocation - 1

            }

            string @STRhostname = substring(@ContextNode.SysName, 1, @SearchLocation)

           

            SEARCH-RETURN

            {

              REGEX '^hostname @STRhostname'

            }

          }

           

           

          The return could even be a advanced search like

           

          ADV-SEARCH-RETURN

          {

            STRING 'exec-timeout 30' AND STRING 'session-timeout 30'

          }

          WHERE

          {

          CONFIG-BLOCK-START REGEX '^line vty 0 4'

          CONFIG-BLOCK-END REGEX '^(!|end)'

          }

           

          These are simplified examples.  Using a scripting language could allow for more complex search patterns that are dependent on the device that is being checked.

          • Re: NCM Compliance - Policy Rule Variables
            Mark Roberts

            I do not believe this is currently possible, but will come back if I can find a way to do so.

             

            I suggest you add this as a feature request as I can see the benefit of being able to reference such values in the search parameters, whether Regex or plain text.