More on Regular Expressions
If the regular expressions option was selected when creating a new template, or equivalently, if the line #conform use regular-expression is included at the top of a template, then regular expressions can be used when writing the compliance assessment rules. A typical rule that uses a regular expression will use the “~=” wildcard operator, as in the following example:
if $(interface.name) ~= "Lo*" then print "$(interface.name) is a loopback interface" end
Some of the most basic and most commonly used elements of regular expression syntax are as follows:
. | Any single character. Note that to match a period exactly, precede the dot with a backslash, “\.”
* | Zero or more instances of the previous character
+ | One or more of the previous character
? | Zero or one of the previous character
[ ] | Any character from the set. [ch]at matches “cat” or “hat”
[^] | Any character not in the set.
( ) | Groups patterns. (cat|hat) matches “cat” or “hat”
[a-zA-Z] | Any character from a through z or A through Z, inclusive
[0-9] | Any integer from 0 through 9, inclusive
\ | Used in front of a reserved regular expression character (such as “.” or “+”), to match that particular character. For example, to match “tacacs+” exactly, “tacacs\+” is required, as the plus sign has a special meaning in regular expression syntax.
Because some users may accidentally confuse wildcards with regular expressions, the Compliance Assessment Tool automatically converts some statements, as shown in the following examples:
“ATM*” is automatically converted to “ATM.*”, because as a regular expression “ATM*” also matches “AT”, which is in most cases unintended by the user.
“*ATM” is automatically converted to “.*ATM”, because “*ATM” is actually illegal regular expression syntax.
When used in regular expressions, blank spaces are respected. They are not ignored.
Some examples are shown below:
ip address.* | To match the ip address.
description.* | To match the description.
tacacs\+ | To match “tacacs+” exactly, instead of just “tacacs”
version 12\..* | To ensure the version begins with “12.”
net .*00 | To ensure the net id ends with two zeros
router eigrp (100|299) | To match “router eigrp 100” or “router eigrp 299”
tacacs-server host 192\.122\.[0-9]+\.[0-9]+ | To ensure the IP address is declared 192.122.x.y where x and y are integers.
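The following is an added example, not part of the Compliance Assessment Tool or its documentation. It compares several of the patterns above with near-miss versions in which a reserved character is left unescaped, and reports which lines a rule would wrongly accept or reject. It assumes that Python's re module behaves like the tool's regular expression engine for this syntax and that a pattern must match the whole line; the sample lines are constructed.

```python
import re

# Constructed sample lines, not taken from any real device configuration.
SAMPLE_LINES = [
    "tacacs+",
    "tacacsss",
    "version 12.4",
    "version 123.4",
    "tacacs-server host 192.122.10.5",
    "tacacs-server host 192.122.1005",
    "AT",
    "ATM0/0",
]

# (pattern as written on the page, near-miss with a reserved character misused)
PAIRS = [
    (r"tacacs\+", r"tacacs+"),
    (r"version 12\..*", r"version 12..*"),
    (r"tacacs-server host 192\.122\.[0-9]+\.[0-9]+",
     r"tacacs-server host 192.122.[0-9]+.[0-9]+"),
    (r"ATM.*", r"ATM*"),
]


def matches(pattern, lines=SAMPLE_LINES):
    """Return the lines matched in full (whole-line matching is an assumption)."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.fullmatch(line)]


def unintended(correct, mistaken, lines=SAMPLE_LINES):
    """Lines whose verdict differs between the intended and the mistaken pattern."""
    good = set(matches(correct, lines))
    bad = set(matches(mistaken, lines))
    return {
        "false_pass": sorted(bad - good),   # accepted only by the mistaken pattern
        "false_fail": sorted(good - bad),   # rejected only by the mistaken pattern
    }


if __name__ == "__main__":
    for correct, mistaken in PAIRS:
        print(f"{mistaken!r} instead of {correct!r}: {unintended(correct, mistaken)}")
```

A false pass is the costly case for a compliance rule, since a non-conforming line is reported as conforming.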