Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
5
Helpful
1
Replies

Compliance report wildcard

tsiemers1
Spotlight
Spotlight

‎11-20-2019 08:11 AM

Looking to see if anybody has a solution or advice on if you can use wildcards during a compliance report run.  Right now I am just using two device-groups with multiple device templates. Would like to do something like below if possible:
Compliance report to find all ios: devices that have the following config that can be either:

ios:event manager policy sl_cscbfdmon920.tcl type user authorization bypass

or 

ios:event manager policy sl_cscbfdmon901.tcl type user authorization bypass

Template

devices template le-csc-eem
 ned-id cisco-ios-cli-6.36
  config
   ios:event manager policy sl_cscbfdmon{$scriptType}.tcl

Compliance

compliance reports report le-csc-eem-report
 compare-template le-csc-eem 470_Lab
  variable scriptType
   value "901|920"
  !

Is it possible to do a wildcard within a variable value?

Labels:
0 Helpful
1 Reply 1

gschudel
Cisco Employee
Cisco Employee

‎11-21-2019 03:34 PM

I've tried the same (a long time ago) - turns out (afaik) there is no capability to "wildcard" in a compliance template...
however, you can think about this pragmatically, if you're trying to do what i was trying to do -which is say... "does the config exist - and i don't care what the variable is... as long as there is one..." (I think this fulfills "wildcard" (match all/any)...)

so... the way i did that was to save the template as XML, and then vi the XML... (it's easier anyway to do that).. and add all the tags you'll need (remember tags="merge" is the default.. but you might want tags="replace" (for things that must exist EXACTLY as listed... (typically lists, like ACLs, prefixes etc.), or... more fun... tags="delete" for things that must NEVER EXIST... (ie.. when you see these, report as deletes in the compliance report -the compliance tool is read-only so it's not actually going to delete anything... the template is just a "what-if"...)

and then... to get the "wildcard-like:" behavior... i used a reference to the actually current element.

 

          <!-- [1]   tftp-server 1.2.3.4    :: ignore any specified address       -->

          <tftp-server xmlns="urn:ios" tags="delete">

              <name>{/../../ncs:devices/device[ncs:name=/device] \

                  /ncs:config/ios:tftp-server/name}</name>

          </tftp-server>

 

this says "if you see ANY tftp-server in IOS config, flag it as illegal (tags="delete")...

(this is old-school above, the new template engine has the context setting features - try that... and you may need a foreach to loop over all the elements... 

 

** i've had to be fairly "creative" in the XML to make the template do what i want for compliance... 

hope that helps :)

 

 

Customers Also Viewed These Support Documents