Creating compliance definitions using native CLI configuration lines
A compliance definition may contain one or more native command lines (CLI) and use evaluation criteria to match these CLI lines against the device configuration stored in ITNCM-Compliance, which are automatically synchronized from ITNCM - Base each time the configuration changes. Use this procedure to create compliance definitions using native CLI configuration lines.
Before you begin
It is simple for a user to copy an existing definition, and modify some of its components to create a new definition.
Use the Create a Definition window of the User Interface to create a new compliance definition using native CLI configuration lines.
About this task
Follow these steps to create a compliance definition using native CLI configuration lines.
Procedure
- Select Create->Compliance Definition.
The Create a Definition window displays.
- Use the following descriptions as a guide to entering the
appropriate information in the Create a Definition window.
- Name
- Name chosen to identify the compliance definition. The maximum number of characters for the name is 255. This is a mandatory field.
- Description
- Brief narrative attached to the compliance definition to be created that explains its function and use. The maximum number of characters is 4000.
- Revision
- This number is automatically assigned and initially given a value of 1. Each time the compliance definition is edited, the revision number increments by 1. This is for versioning control. The revision changes only if the entity is active.
- Select Definition Type
- Radio buttons that allow you to create the following types of
compliance definitions:
Radio button Description Create compliance definition using CLI configuration lines Select this definition type if you want to define a Compliance Definition with a native definition that uses a stored configuration. Selecting this option causes the Enter Native Definition Details (CLI configuration lines) window to display. Create compliance definition using Native Commands Select this definition type if you want to define a Compliance Definition with Native Commands. Selecting this option causes the Enter Native Definition Details (Native Commands) window to display. Create compliance definition using a Device Model Select this definition type if you want to define a Compliance Definition with a modeled definition. Selecting this option causes the Enter Modeled Definition Details window to display. Create compliance definition using a Script Select this definition type if you want to define a Compliance Definition with a script. Selecting this option causes the Enter Script-Based Definition Details window to display. Create compliance definition using a Golden Configuration Select this definition type if you want to define a Compliance Definition using a device’s golden configuration as a template for automatically generating evaluations. Selecting this option causes the Select a Golden Device window to display. - Prev
- Go to the previous selection.
- Next
- Go to the next selection.
- Finish
- Complete process.
- Cancel
- Cancel activities.
- Select the Create compliance definition using
CLI configuration lines radio button, and then click Next.
The Enter Native Definition Details (CLI configuration lines) window displays.
- Use the following descriptions as a guide to entering the
appropriate information in the Enter Native Definition Details (CLI
configuration lines) window.
- Evaluation Line
- The value or expression on which you want to search.
- Parameters
- This is an optional field. This field provides a drop down list
for the type of parameter you want. There is also an Insert
Parameter button used to insert the parameter.Note: Placing a parameter inside another parameter is not supported.
- Match Criteria
- Specifies a drop down list for the criteria used to match the
device configuration. The following table describes the options in
the drop down list:
Match option Description Match All
Matches all evaluations added to the Compliance Definition.
Match Any
Matches any of the evaluations added to the Compliance Definition.
Match None
Matches none of the evaluations added must be found in the Device Configuration.
Match One
Matches only one of the evaluations added to the Compliance Definition. If more than one of the evaluations are matched, the match fails.
Match Exactly
Find and match all evaluations, and only these evaluations. If any found outside this criteria, the test result will Fail.
Match Specific Number
Matches a specific number of evaluations as defined by the user. For example, Match 2 out of the 6 evaluations listed. This choice activates an integer field called Specific Number.
- Number
- This is activated when the Match Specific Number option is chosen. An integer must be entered here.
- Evaluation Result if Context not found
- You can opt to choose the result you wish to receive if the context
is not found. The options are: Fail, Pass, Not Assessed, Not Applicable.
If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example you may have two Not Applicable result and one Pass, or all Not Applicable; the overall result will be Pass.
- Evaluation List Criteria
- Used to match evaluations shown in the list.
See Match Criteria (for Group/Extraction Parameter values) above for explanation of choices available.
- Regex Tool
- You use the regex tool to test native definition regular expressions
against a device configuration or a snippet of CLI. The regex tool
is available for both definitions using native CLI configuration lines,
and using native commands. You can either create your regex in the
tool, or edit it using the text in the evaluation field.
Regex Tool window elements Description Tabs
You can add as many tabs as your memory allows. The regex in the Regex Pattern field is applied to each tab and the matches are highlighted.- To create a new tab, click the green plus (+).
- To delete a tab, click the red X.
- To rename a tab, double-click the name.
Note: The test tabs are only available when the wizard is open.Regex Test Data evaluation field Configurations are displayed here, as are any matches when the regex is run.
Matches are alternately highlighted in yellow and blue.
The Import Device icon is displayed under the first tab. Using this, you can import a configuration from a device into the Regex Test Data field.
When you click this option, the Device Select dialog opens. Drill down into the device realms and select a device. Click OK to populate the Regex Test Data field
This icon is displayed next to the Device tree icon. Using this, you can import a configuration from a text file into the Regex Test Data field.
When you click this option, a standard file selection dialog opens. Drill down into your folders and select a file.Note: You can only select a text file.Click Open to populate the Regex Test Data field with the contents of the selected text file.These icons are displayed next to the Import File icon.
Once you have obtained matches, the arrow icons are enabled and you can use them to move from match to match.
Matches in the evaluation window are alternately highlighted in yellow and blue.
Currently selected matches are highlighted in grey.
These are enabled if there are matches on the selected tab. Up arrow highlights the previous match, down arrow highlights the next match. Current highlight matches are highlighted in grey
Regex Pattern field
Enter the regular expression for testing into the Regex Pattern field.
Match
Execute the test against all open tabs, and highlight the matches in each tab with a count of the number of matches returned on each tab.
Clear Matches
Clear the matches highlighted, as well as the Match count on each tab.
OK
Move the regular expression in the Regex Pattern field into the Regex Test Data field.
Cancel
Closes the Regex Tool window.
Menu bar All options described are also available from the menu bar (File, Edit, Regex, Tabs):- Edit
- In addition to the button options, you can access the cut, copy and paste functionality from the Edit menu.
- Regex
- In addition to the Regex button options, you can access a History dropdown from the Regex menu.
- The last ten successful matches are stored as history, with the most recent one at the top.
Note: If the regex is over a certain length, the History dropdown list displays a truncated version of it. - Add
- Adds another selection.
- Update
- Updates screen.
- Edit
- Edits current selection.
- Delete
- Deletes current selection.
- Test
- The definition test button is enabled when editing or creating a definition, but not when opening a definition. Also, it is only available for modeled and native definitions (not scripts).
- You use the definition test functionality to execute a definition against all open tabs, and view the results.
- You can test definitions using native CLI configuration lines,
native commands or device models. You can view results in the evaluation
list either in detail, or as a summary.
Definition Test window elements Description Definition Test window When you click Test, the Definition Test window is displayed (it resembles the Regex Tool window).
When you import definitions from a device, the type of definition you are creating determines what content is imported from the device:- For modeled definitions
- Imports the xml configuration from the device.
- For native CLI definitions
- Imports the CLI configuration for the device.
- For native commands definitions
- Imports the show commands from the device into the text area in the tab.
Warning: Importing a text file from a file with an xml extension may result in an error when you execute the test.Tabs
You can add as many tabs as your memory allows. The definition is applied to each tab and the results are flagged on the tabs.- Green flag
- Passed
- Red flag
- Failed
- Yellow flag
- Not assessed
Evaluation list Results are displayed in the Evaluation list under a number of columns.- Evaluation
- 532: Is the same as XPath
- 533: Is the same as Evaluation Line
- 534: Is the same as Evaluation Line
- This is the search criteria for the Definition or the XPath to search for in the case of Device Models
- Match Criteria
- The criteria used to match the device configuration: Match All, Match Any, None, One, Exactly, Specific Number
- Match Criteria Argument
- 532: Is the same as Number
- 533: Is the same as Number
- 534: Is the same as Number
- Only available on group parameters and extractions. Same as Match Specific Number.
- Default Result
- The default result is the value defined in the Evaluation
Result if Context not found option, that is, one of Fail,
Pass, Not Assessed, and Not Applicable.Note: If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example you may have two Not Applicable result and one Pass, or all Not Applicable; the overall result will be Pass.
- User can opt to choose the result they wish to receive if the context is not found. The options are: Fail, Pass, Not Assessed, Not Applicable.
- If there are a number of different results, the overall result will be Pass as long as there are no Fails in the result. For example you may have two Not Applicable result and one Pass, or all Not Applicable; the overall result will be Pass.
- Result
- Green text = Pass, Red text = Fail, Yellow text = Not Assessed/Not Applicable, Blue text =Error
Restriction: Script parameters and extractions are not supported. If any are found in the evaluation they will not be assessed during the test, and the overall definition result will be not assessed.Details mode You can toggle between Details and Summary mode to select the level of detail displayed in the test results. When in Summary mode, you can click on each evaluation to display detailed results. Clear all Clears the results from the Evaluation List and tabs. Test Click to run the test Close Closes the Definition Test window.Note: The test tabs are only available when the window is open.Menu bar All options described are also available from the menu bar (File, Edit, Mode, Tabs).
When an Evaluation is added to the list, it will appear in the lower section of the window. The Choose a Save Location window displays.
- Navigate through the tree structure, and choose the location to which you want to save the Compliance Definition. Otherwise, it is possible to create a new folder from here if required.
- Click Finish to complete the creation of the compliance definition.
What to do next
You can create another compliance definition using Native Commands by following the instructions in this procedure.