Creating compliance definitions using native CLI configuration lines

A compliance definition may contain one or more native command lines (CLI) and use evaluation criteria to match these CLI lines against the device configuration stored in ITNCM-Compliance, which is automatically synchronized from ITNCM - Base each time the configuration changes. Use this procedure to create compliance definitions using native CLI configuration lines.

Before you begin

It is simple for a user to copy an existing definition, and modify some of its components to create a new definition.

Use the Create a Definition window of the User Interface to create a new compliance definition using native CLI configuration lines.

About this task

Follow these steps to create a compliance definition using native CLI configuration lines.

Procedure

  1. Select Create->Compliance Definition.

    The Create a Definition window displays.

  2. Use the following descriptions as a guide to entering the appropriate information in the Create a Definition window.
    Name
    Name chosen to identify the compliance definition. The maximum number of characters for the name is 255. This is a mandatory field.
    Description
    Brief narrative attached to the compliance definition to be created that explains its function and use. The maximum number of characters is 4000.
    Revision
    This number is automatically assigned and initially given a value of 1. Each time the compliance definition is edited, the revision number increments by 1. This is for versioning control. The revision changes only if the entity is active.
    Select Definition Type
    Radio buttons that allow you to create the following types of compliance definitions:
    Radio button Description

    Create compliance definition using CLI configuration lines

    Select this definition type if you want to define a Compliance Definition with a native definition that uses a stored configuration. Selecting this option causes the Enter Native Definition Details (CLI configuration lines) window to display.

    Create compliance definition using Native Commands

    Select this definition type if you want to define a Compliance Definition with Native Commands. Selecting this option causes the Enter Native Definition Details (Native Commands) window to display.

    Create compliance definition using a Device Model

    Select this definition type if you want to define a Compliance Definition with a modeled definition. Selecting this option causes the Enter Modeled Definition Details window to display.

    Create compliance definition using a Script

    Select this definition type if you want to define a Compliance Definition with a script. Selecting this option causes the Enter Script-Based Definition Details window to display.

    Create compliance definition using a Golden Configuration

    Select this definition type if you want to define a Compliance Definition using a device’s golden configuration as a template for automatically generating evaluations. Selecting this option causes the Select a Golden Device window to display.

    Prev
    Go to the previous selection.
    Next
    Go to the next selection.
    Finish
    Complete process.
    Cancel
    Cancel activities.
  3. Select the Create compliance definition using CLI configuration lines radio button, and then click Next.

    The Enter Native Definition Details (CLI configuration lines) window displays.

  4. Use the following descriptions as a guide to entering the appropriate information in the Enter Native Definition Details (CLI configuration lines) window.
    Evaluation Line
    The value or expression on which you want to search.
    Parameters
    This is an optional field. This field provides a drop down list for the type of parameter you want. There is also an Insert Parameter button used to insert the parameter.
    Note: Placing a parameter inside another parameter is not supported.
    Match Criteria
    Specifies a drop down list for the criteria used to match the device configuration. The following table describes the options in the drop down list:
    Match option Description

    Match All

    Matches all evaluations added to the Compliance Definition.

    Match Any

    Matches any of the evaluations added to the Compliance Definition.

    Match None

    Matches only if none of the evaluations added are found in the Device Configuration.

    Match One

    Matches only one of the evaluations added to the Compliance Definition. If more than one of the evaluations are matched, the match fails.

    Match Exactly

    Find and match all evaluations, and only these evaluations. If any are found outside this criteria, the test result will be Fail.

    Match Specific Number

    Matches a specific number of evaluations as defined by the user. For example, Match 2 out of the 6 evaluations listed. This choice activates an integer field called Specific Number.

    Number
    This is activated when the Match Specific Number option is chosen. An integer must be entered here.
    Evaluation Result if Context not found
    You can opt to choose the result you wish to receive if the context is not found. The options are: Fail, Pass, Not Assessed, Not Applicable.

    If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example, you may have two Not Applicable results and one Pass, or all Not Applicable; the overall result will be Pass.

    Evaluation List Criteria
    Used to match evaluations shown in the list.

    See Match Criteria (for Group/Extraction Parameter values) above for explanation of choices available.

    Regex Tool
    You use the regex tool to test native definition regular expressions against a device configuration or a snippet of CLI. The regex tool is available for both definitions using native CLI configuration lines, and using native commands. You can either create your regex in the tool, or edit it using the text in the evaluation field.
    Regex Tool window elements Description

    Tabs

    You can add as many tabs as your memory allows. The regex in the Regex Pattern field is applied to each tab and the matches are highlighted.
    • To create a new tab, click the green plus (+).
    • To delete a tab, click the red X.
    • To rename a tab, double-click the name.
    Note: The test tabs are only available when the wizard is open.
    Regex Test Data evaluation field

    Configurations are displayed here, as are any matches when the regex is run.

    Matches are alternately highlighted in yellow and blue.

    Import Device

    The Import Device icon is displayed under the first tab. Using this, you can import a configuration from a device into the Regex Test Data field.

    When you click this option, the Device Select dialog opens. Drill down into the device realms and select a device. Click OK to populate the Regex Test Data field.

    Import File

    This icon is displayed next to the Device tree icon. Using this, you can import a configuration from a text file into the Regex Test Data field.

    When you click this option, a standard file selection dialog opens. Drill down into your folders and select a file.
    Note: You can only select a text file.
    Click Open to populate the Regex Test Data field with the contents of the selected text file.
    Up arrow
    Down arrow

    These icons are displayed next to the Import File icon.

    Once you have obtained matches, the arrow icons are enabled and you can use them to move from match to match.

    Matches in the evaluation window are alternately highlighted in yellow and blue.

    Currently selected matches are highlighted in grey.

    The arrows are enabled if there are matches on the selected tab. The up arrow highlights the previous match, and the down arrow highlights the next match. The currently highlighted match is shown in grey.

    Regex Pattern field

    Enter the regular expression for testing into the Regex Pattern field.

    Match

    Execute the test against all open tabs, and highlight the matches in each tab with a count of the number of matches returned on each tab.

    Clear Matches

    Clear the matches highlighted, as well as the Match count on each tab.

    OK

    Move the regular expression in the Regex Pattern field into the Regex Test Data field.

    Cancel

    Closes the Regex Tool window.

    Menu bar
    All options described are also available from the menu bar (File, Edit, Regex, Tabs):
    Edit
    In addition to the button options, you can access the cut, copy and paste functionality from the Edit menu.
    Regex
    In addition to the Regex button options, you can access a History dropdown from the Regex menu.
    The last ten successful matches are stored as history, with the most recent one at the top.
    Note: If the regex is over a certain length, the History dropdown list displays a truncated version of it.
    Add
    Adds another selection.
    Update
    Updates screen.
    Edit
    Edits current selection.
    Delete
    Deletes current selection.
    Test
    The definition test button is enabled when editing or creating a definition, but not when opening a definition. Also, it is only available for modeled and native definitions (not scripts).
    You use the definition test functionality to execute a definition against all open tabs, and view the results.
    You can test definitions using native CLI configuration lines, native commands or device models. You can view results in the evaluation list either in detail, or as a summary.
    Definition Test window elements Description
    Definition Test window

    When you click Test, the Definition Test window is displayed (it resembles the Regex Tool window).

    When you import definitions from a device, the type of definition you are creating determines what content is imported from the device:
    For modeled definitions
    Imports the xml configuration from the device.
    For native CLI definitions
    Imports the CLI configuration for the device.
    For native commands definitions
    Imports the show commands from the device into the text area in the tab.
    Warning: Importing a text file from a file with an xml extension may result in an error when you execute the test.

    Tabs

    You can add as many tabs as your memory allows. The definition is applied to each tab and the results are flagged on the tabs.
    Green flag
    Passed
    Red flag
    Failed
    Yellow flag
    Not assessed
    Evaluation list
    Results are displayed in the Evaluation list under a number of columns.
    Evaluation
    532: Is the same as XPath
    533: Is the same as Evaluation Line
    534: Is the same as Evaluation Line
    This is the search criteria for the Definition, or the XPath to search for in the case of Device Models.
    Match Criteria
    The criteria used to match the device configuration: Match All, Match Any, None, One, Exactly, Specific Number
    Match Criteria Argument
    532: Is the same as Number
    533: Is the same as Number
    534: Is the same as Number
    Only available on group parameters and extractions. Same as Match Specific Number.
    Default Result
    The default result is the value defined in the Evaluation Result if Context not found option, that is, one of Fail, Pass, Not Assessed, and Not Applicable.
    Note: If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example, you may have two Not Applicable results and one Pass, or all Not Applicable; the overall result will be Pass.
    The user can opt to choose the result they wish to receive if the context is not found. The options are: Fail, Pass, Not Assessed, Not Applicable.
    Result
    Green text = Pass, Red text = Fail, Yellow text = Not Assessed/Not Applicable, Blue text = Error
    Restriction: Script parameters and extractions are not supported. If any are found in the evaluation they will not be assessed during the test, and the overall definition result will be not assessed.
    Details mode
    You can toggle between Details and Summary mode to select the level of detail displayed in the test results. When in Summary mode, you can click on each evaluation to display detailed results.
    Clear all
    Clears the results from the Evaluation List and tabs.
    Test
    Click to run the test.
    Close
    Closes the Definition Test window.
    Note: The test tabs are only available when the window is open.
    Menu bar

    All options described are also available from the menu bar (File, Edit, Mode, Tabs).

    When an Evaluation is added to the list, it will appear in the lower section of the window. The Choose a Save Location window displays.

  5. Navigate through the tree structure, and choose the location to which you want to save the Compliance Definition. Alternatively, you can create a new folder from here if required.
  6. Click Finish to complete the creation of the compliance definition.
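
The counting-based Match Criteria from step 4 and the overall-result rule, worked through as an added example (this is not product code or part of the original procedure). It assumes Python's `re` stands in for the product's regex engine, that Match Specific Number means exactly that many matches, and that the configuration and evaluation lines are constructed samples; Match Exactly is not modelled.

```python
import re

# Constructed sample configuration (IOS-style syntax, not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
"""

# Hypothetical evaluation lines: settings that should and should not be present.
HARDENING = [r"^service password-encryption$", r"^ip ssh version 2$"]
FORBIDDEN = [r"^ip http server$", r"^\s*transport input .*telnet"]

def count_matched(config, evaluation_lines):
    """Number of evaluation lines (regexes) found at least once in the config."""
    return sum(1 for pattern in evaluation_lines
               if re.search(pattern, config, re.MULTILINE))

def evaluate(config, evaluation_lines, criteria, number=None):
    """Return 'Pass' or 'Fail' for one group of evaluation lines."""
    matched = count_matched(config, evaluation_lines)
    if criteria == "Match All":
        ok = matched == len(evaluation_lines)
    elif criteria == "Match Any":
        ok = matched >= 1
    elif criteria == "Match None":
        ok = matched == 0
    elif criteria == "Match One":
        ok = matched == 1            # more than one match fails
    elif criteria == "Match Specific Number":
        if not isinstance(number, int):
            raise ValueError("Match Specific Number requires an integer")
        ok = matched == number       # assumption: exactly this many
    else:
        raise ValueError(f"criteria not modelled here: {criteria}")
    return "Pass" if ok else "Fail"

def overall_result(results):
    """Overall result is Pass as long as no individual result is Fail."""
    return "Fail" if "Fail" in results else "Pass"

if __name__ == "__main__":
    print(evaluate(SAMPLE_CONFIG, HARDENING, "Match All"))
    print(evaluate(SAMPLE_CONFIG, FORBIDDEN, "Match None"))
```

Anchoring the evaluation lines with `^` and `$` is what keeps `no ip http server` from satisfying a search for `ip http server`; the Regex Tool can be used to confirm the same behaviour against an imported configuration.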

What to do next

You can create another compliance definition using Native Commands by following the instructions in this procedure.