We often find when monitoring communication equipment, that there is a need to exclude lines from the gathered configuration that would cause false positives if left.

One of the options available to us is the logon script parameter ‘ExcludeMatchesWithComment’ such as the example below. 

  1. Use the Login Script - ExcludeMatchesWithComment,**Logging Entries Removed**,logging

This will prevent changes to ‘logging’ entries being reported BUT if more logging entries are added, or existing entries removed, these will generate an additional **Logging Entries Removed** or remove one of the existing lines of this nature.

So this is fine if we just need to mask changes to a config setting, but may not be effective if the number of entries changes.

2. Use a regular expression to exclude entries from being tracked. We usually use regular expressions as a positive match ie exclude everything in a file apart from the specific lines of interest. However, it is also possible to use negative regex, example here

^(?:(?!logging).)*$\r?\n?

This performs a ‘negative lookahead group’ expression based on the word ‘logging’. In other words, only lines that do not contain the word logging get captured.

So when I add a new logging entry, this will be picked up by the ‘startup’ config tracker

But the ‘running’ config tracker shows no changes (it has tracked the change to the config size, but I could of course also exclude this line using either method 1 or 2

 

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call 1-888-898-0674 or click here to request more information.

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies LLC
Rivers Lodge
West Common
Harpenden
Hertfordshire
AL5 2JN

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.