VoyenceControl: How do I create a looping compliance audit for multiple begin/end with sections of a configuration?
search cancel

VoyenceControl: How do I create a looping compliance audit for multiple begin/end with sections of a configuration?

book

Article ID: 331268

calendar_today

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

How do I create a looping compliance audit for multiple begin/end with sections of a VoyenceControl configuration?



You can create a looping compliance test in VoyenceControl to check for the existence of something in an interface and correct each interface in one batch. The looping compliance test will loop for all content between each instance of interface <name> and the ! at the end of that interface in the configuraiton. For example, to check for interfaces set to auto duplex and change them to full-duplex, you could do the following:

  1. Create a new test and name it with the following preconditions:
     
    • Begin with 'interface (\S+)
    • End with '!'

       
  2. Create a check pattern and name it with the following settings:
     
    • Select 'Not Contain' and 'Backtracking' (see Note statement)
    • Enter the text that should not be contained in each interface.  Example: 'duplex auto'
    • Enter the change you want to apply at the bottom as follows:

      interface $1
      full-duplex

      Note: $1 is the interface name captured in the precondition.

       
  3. Create a standard, name it, and link the standard to the test created above. 
  4. Set the types of devices to which this standard applies by selecting all of the Cisco IOS devices and adding them.
  5. Right-click on a device, select compliance audit, and select the standard you created in the preceding steps.


Additional Information

Backtracking is used to carry forward variables in the precondition. In this case, it is used for the interface name and set to run the check pattern for each occurrence in the configuration, where it began with an interface and stopped at the ! mark.