More on Regular Expressions
If the regular expressions option was selected when creating a new template, or equivalently, if the line #conform use regular-expression is included at the top of a template, then regular expressions can be used when writing the compliance assessment rules. A typical rule that uses a regular-expression will use the “~=” wildcard operator as in the following example:
print "$(interface.name) is a loopback interface"
Some of the most basic and most commonly used regular expression syntax are as follows:
Any single character. Note that to match a period exactly, precede the dot with a backslash, “\.”
Zero or more instances of the previous character
One or more of the previous character
Zero or one of the previous character
Any character from the set. [ch]at matches “cat” or “hat”
Any character not in the set.
Groups patterns. (cat|hat) matches “cat” or “hat”
Any character from a through z or A through Z, inclusive
Any integer from 0 through 9, inclusive
Used in front of a reserved regular expression character (such as “.” or “+”), to match that particular character. For example, to match “tacacs+” exactly, “tacacs\+” is required, as the plus sign has a special meaning in regular expression syntax.
Because some users may accidentally confuse wildcards with regular expressions, the Compliance Assessment Tool automatically converts some statements, as shown in the following examples:
“ATM*” is automatically converted to “ATM.*” - “ATM*” also matches “AT”, which is in most cases unintended by the user.
“*ATM” is automatically converted to “.*ATM” - “*ATM” is actually illegal regular expression syntax.
When used in regular expressions, blank spaces are respected. They are not ignored.
Some examples are shown below:
To match the ip address.
To match the description.
To match “tacacs+” exactly, instead of just “tacacs”
To ensure the version begins with “12.”
To ensure the net id ends with two zeros
router eigrp (100|299)
To match “router eigrp 100” or “router eigrp 299”
tacacs-server host 192\.122\.[0-9]+\.[0-9]+
To ensure the IP address is declared 192.122.x.y where x and y are integers.