We often find when monitoring communication equipment, that there is a need to exclude lines from the gathered configuration that would cause false positives if left.

One of the options available to us is the logon script parameter ‘ExcludeMatchesWithComment’ such as the example below. 

  1. Use the Login Script - ExcludeMatchesWithComment,**Logging Entries Removed**,logging

This will prevent changes to ‘logging’ entries being reported BUT if more logging entries are added, or existing entries removed, these will generate an additional **Logging Entries Removed** or remove one of the existing lines of this nature.

So this is fine if we just need to mask changes to a config setting, but may not be effective if the number of entries changes.

2. Use a regular expression to exclude entries from being tracked. We usually use regular expressions as a positive match ie exclude everything in a file apart from the specific lines of interest. However, it is also possible to use negative regex, example here


This performs a ‘negative lookahead group’ expression based on the word ‘logging’. In other words, only lines that do not contain the word logging get captured.

So when I add a new logging entry, this will be picked up by the ‘startup’ config tracker

But the ‘running’ config tracker shows no changes (it has tracked the change to the config size, but I could of course also exclude this line using either method 1 or 2



NNT has a range of training and managed service offerings to help you get the most of your solution.
Call 1-888-898-0674 or click here to request more information.

USA Offices
New Net Technologies Ltd
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
St Albans


Tel: 08456 585 005
Fax: 08456 122 031
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.

Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.