
RFE - Section Awareness & Configuration Blocks

I have some configurations that apply to specific interfaces based on their role, usually identified by the description.

It would be great if we could identify a "section" based on a string, i.e. "description DS[1|3]IT", "description outside", "description inside" or "description Isolated", then search that "section" for the required configuration string or configuration block. Then, if needed, the remediation could be applied to the violating "section". I have tried to get something like this to work, but without much luck.

This could be used to ensure that a specific ACL "block" exists and that it is applied to a specific interface or group of interfaces.

  • I think we have introduced in NCM 6.1 what you are looking for: the ability to define compliance rules that apply only to blocks of config (vs. entire config), defined by a begin and end string.

    This new feature is available in both the WEB Integration WEB UI and the Win32 app.

    See snapshots before, showing a DISA STIGs compliance rule leveraging this new capability.

    Hope this helps.

  • Close, but it's not really section-aware. It cannot report on which section is in violation of the config, and it has no method to remediate the violating section.

    I should have also included "Conditional/Nested RegEx Expressions" with this request but it makes for a pretty big RFE.

    For example, I would like to check every block that begins with "interface Fast*" and ends with "!". So far that's doable.

    I want to search for interfaces that contain the following.
    IF "description DS[13]IT|description Trunk:.*"
    THEN "ip verify unicast reverse-path"

    The remediation script would need an expression for the section in violation and then recurse through each of the violating sections and fix them.
    conf t
    {ViolatingSection}
    ip verify unicast reverse-path
    exit
    exit
    write mem
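The IF/THEN rule and per-section remediation described in the post above can be prototyped outside NCM. The following is an added example, not code from the original thread or from SolarWinds: it splits an IOS-style config into "interface Fast*" ... "!" sections, flags the sections whose description matches the condition but which lack "ip verify unicast reverse-path", and expands the remediation template once per violating section. The config text, the interface names and the descriptions are constructed sample data.

```python
import re

# Constructed sample IOS-style config for the demonstration (not a real device).
SAMPLE_CONFIG = """\
hostname edge-router
!
interface FastEthernet0/0
 description DS1IT uplink
 ip address 10.0.0.1 255.255.255.0
 ip verify unicast reverse-path
!
interface FastEthernet0/1
 description DS3IT uplink
 ip address 10.0.1.1 255.255.255.0
!
interface FastEthernet0/2
 description Trunk: to core
 switchport mode trunk
!
interface FastEthernet0/3
 description inside
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
end
"""

# Section boundaries and the IF/THEN rule from the thread.
SECTION_BEGIN = re.compile(r"^interface Fast")
SECTION_END = "!"
CONDITION = re.compile(r"^\s*description (DS[13]IT|Trunk:.*)")
REQUIRED = "ip verify unicast reverse-path"


def split_sections(config, begin=SECTION_BEGIN, end=SECTION_END):
    """Return a list of (header_line, [body_lines]) for every block that
    starts with a line matching `begin` and runs until the `end` marker."""
    sections = []
    current = None
    for line in config.splitlines():
        if current is None:
            if begin.match(line):
                current = (line, [])
        elif line.strip() == end:
            sections.append(current)
            current = None
        else:
            current[1].append(line)
    if current is not None:  # block never closed by the end marker; keep it
        sections.append(current)
    return sections


def violating_sections(config, condition=CONDITION, required=REQUIRED):
    """Apply the IF/THEN rule: a section whose body satisfies `condition`
    must also contain `required`. Returns the header lines that fail."""
    violators = []
    for header, body in split_sections(config):
        applies = any(condition.match(ln) for ln in body)
        satisfied = any(ln.strip() == required for ln in body)
        if applies and not satisfied:
            violators.append(header)
    return violators


def remediation_script(violators, required=REQUIRED):
    """Expand the per-section template from the thread into one script,
    entering each violating section in turn and adding the required line."""
    lines = ["conf t"]
    for header in violators:
        lines += [header, required, "exit"]
    lines += ["exit", "write mem"]
    return "\n".join(lines)


if __name__ == "__main__":
    bad = violating_sections(SAMPLE_CONFIG)
    print("Violating sections:", bad)
    print(remediation_script(bad))
```

Run against the sample, FastEthernet0/0 passes (condition met and uRPF present), FastEthernet0/3 is out of scope (its description matches neither pattern), and FastEthernet0/1 and FastEthernet0/2 are reported as violators, so the generated script enters exactly those two interfaces. Sections that do not match the begin pattern (Loopback0 here) are never inspected, which is the "section awareness" the post asks for.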