Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

More on Regular Expressions

If the regular expressions option was selected when creating a new template, or equivalently, if the line #conform use regular-expression is included at the top of a template, then regular expressions can be used when writing the compliance assessment rules. A typical rule that uses a regular-expression will use the “~=” wildcard operator as in the following example:

Some of the most basic and most commonly used regular expression syntax are as follows:

.

Any single character. Note that to match a period exactly, precede the dot with a backslash, “\.”

*

Zero or more instances of the previous character

+

One or more of the previous character

?

Zero or one of the previous character

[ ]

Any character from the set. [ch]at matches “cat” or “hat”

[^]

Any character not in the set.

( )

Groups patterns. (cat|hat) matches “cat” or “hat”

[a-zA-Z]

Any character from a through z or A through Z, inclusive

[0-9]

Any integer from 0 through 9, inclusive

\

Used in front of a reserved regular expression character (such as “.” or “+”), to match that particular character. For example, to match “tacacs+” exactly, “tacacs\+” is required, as the plus sign has a special meaning in regular expression syntax.

Because some users may accidentally confuse wildcards with regular expressions, the Compliance Assessment Tool automatically converts some statements, as shown in the following examples:

  • “ATM*” is automatically converted to “ATM.*” - “ATM*” also matches “AT”, which is in most cases unintended by the user.

  • “*ATM” is automatically converted to “.*ATM” - “*ATM” is actually illegal regular expression syntax.

Note:

When used in regular expressions, blank spaces are respected. They are not ignored.

Some examples are shown below:

ip address.*

To match the ip address.

description.*

To match the description.

tacacs\+

To match “tacacs+” exactly, instead of just “tacacs”

version 12\..*

To ensure the version begins with “12.”

net .*00

To ensure the net id ends with two zeros

router eigrp (100|299)

To match “router eigrp 100” or “router eigrp 299”

tacacs-server host 192\.122\.[0-9]+\.[0-9]+

To ensure the IP address is declared 192.122.x.y where x and y are integers.