We often find when monitoring communication equipment, that there is a need to exclude lines from the gathered configuration that would cause false positives if left.

One of the options available to us is the logon script parameter ‘ExcludeMatchesWithComment’ such as the example below. 

  1. Use the Login Script - ExcludeMatchesWithComment,**Logging Entries Removed**,logging

This will prevent changes to ‘logging’ entries being reported BUT if more logging entries are added, or existing entries removed, these will generate an additional **Logging Entries Removed** or remove one of the existing lines of this nature.

So this is fine if we just need to mask changes to a config setting, but may not be effective if the number of entries changes.

dashboard

2. Use a regular expression to exclude entries from being tracked. We usually use regular expressions as a positive match ie exclude everything in a file apart from the specific lines of interest. However, it is also possible to use negative regex, example here

^(?:(?!logging).)*$\r?\n?

This performs a ‘negative lookahead group’ expression based on the word ‘logging’. In other words, only lines that do not contain the word logging get captured.

dashboard

So when I add a new logging entry, this will be picked up by the ‘startup’ config tracker

dashboard

But the ‘running’ config tracker shows no changes (it has tracked the change to the config size, but I could of course also exclude this line using either method 1 or 2

dashboard

 

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call (844) 898-8362 or click here to request more information.

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.