We often find when monitoring communication equipment, that there is a need to exclude lines from the gathered configuration that would cause false positives if left.

One of the options available to us is the logon script parameter ‘ExcludeMatchesWithComment’ such as the example below. 

  1. Use the Login Script - ExcludeMatchesWithComment,**Logging Entries Removed**,logging

This will prevent changes to ‘logging’ entries being reported BUT if more logging entries are added, or existing entries removed, these will generate an additional **Logging Entries Removed** or remove one of the existing lines of this nature.

So this is fine if we just need to mask changes to a config setting, but may not be effective if the number of entries changes.

dashboard

2. Use a regular expression to exclude entries from being tracked. We usually use regular expressions as a positive match ie exclude everything in a file apart from the specific lines of interest. However, it is also possible to use negative regex, example here

^(?:(?!logging).)*$\r?\n?

This performs a ‘negative lookahead group’ expression based on the word ‘logging’. In other words, only lines that do not contain the word logging get captured.

dashboard

So when I add a new logging entry, this will be picked up by the ‘startup’ config tracker

dashboard

But the ‘running’ config tracker shows no changes (it has tracked the change to the config size, but I could of course also exclude this line using either method 1 or 2

dashboard

 

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call (844) 898-8362 or click here to request more information.

Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]

 

UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire
AL5 2JQ

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.