Manage policy rules

Created by Caroline Juszczak, last modified by Anthony.Rinaldi_ret on Jan 12, 2017

A rule verifies policy compliance of a device by specifying a string that either must or must not be present in a configuration file. Rules are collected into policies and applied to specific network devices. Reports of policy violations are generated based on a schedule.

Create a policy rule with basic string matching

  1. Click My Dashboards > Configs > Compliance.
  2. Click Manage Policy Reports.
  3. Click the Manage Rules tab, and click Add New Rule.
  4. Name the rule, and then enter a description.
  5. Select settings for Alert Level and Save in Folder.
  6. Select the type of Alert trigger.
  7. Enter a String and select the String Type.
  8. Create a script under Remediation to modify the lines of configuration if they do not comply with the policy rule.
    • To function properly, a remediation script must include CLI statements that run on the relevant devices. When executed, the script runs through the default communication protocol, such as Telnet or SSH.
    • Your script should put the device into configuration mode, if needed, issue a series of config commands, and then exit config mode.
  9. Select a Remediation Script Type. Your selection determines how SolarWinds NCM executes commands against targeted devices to remediate a policy rule violation.
    • CLI allows SolarWinds NCM to use the commands in the script to change the config.
    • Config Change Template launches the Config Change Template wizard to guide you through executing the script.
  10. Click Test to validate the rule against a device configuration.
  11. Select a config to test the rule against.
  12. Click Test Rule Against Selected Config.
    • Test your rule against at least two nodes and configurations, one known to comply with the rule, the other known not to comply.
    • In testing a rule against a configuration that is not compliant, expect a result that includes the rule and its violation.
  13. Click Select Different Config to continue your rule test on another config.
  14. Click Close, and click Submit.

Create a policy rule with advanced string matching

  1. Click My Dashboards > Configs > Compliance.
  2. Click Manage Policy Reports.
  3. Click the Manage Rules tab, and then click Add New Rule.
  4. Name the rule, and then enter a description.
  5. Select settings for Alert Level and Save in Folder.
  6. Select the type of Alert trigger.
  7. Select Advanced Config Search.
  8. Select the appropriate option in the String Type list.
  9. Type your string or expression in the String field.

    If there are special non-printable characters at the end of the lines in a downloaded config, the $ operator might not match the line end. To test for this, copy lines from a config to a plain text file, using Notepad for example. If you see extra, empty lines that are not in the pasted content, then there are most likely non-printable characters in them.

  10. If you want to build conditions into your search, click Add Another String, and then create the string.
  11. Repeat this step for as many strings as you need to define your search.

    For example: You need to search configs for occurrences of the string Access-list in conjunction with different names (Joe, Sam, Tom). To build the appropriate conditions into the search, create the following logic:

    Must Contain ^(?=.*?\bAccess-list\b)(?=.*?\bjoe\b).*$

    OR Must Contain ^(?=.*?\bAccess-list\b)(?=.*?\bsam\b).*$

    OR Must Contain ^(?=.*?\bAccess-list\b)(?=.*?\btom\b).*$

    A violation of this rule logic occurs if SolarWinds NCM finds a line in a config that includes the string Access-list and the string joe, sam, or tom.

  12. Adjust the operators (And/Or) to determine relationships between strings in the execution of your search. The default operator is and.
  13. Use parentheses to group strings into conditional relationships and to establish relationships between string groups.

    For example, if you had three strings defined, you might put opening and closing parentheses around the first two strings, linking the two with the and operator. Then you might use the or operator to evaluate the last string by itself. The result will be a search that looks for both of the first two strings. If it finds them, the alert is triggered. If it does not find them, but the last string is found, the alert is also triggered. Finally, the alert is triggered if both the first two strings and the last string are found.

  14. Select the search context under Search Config File/Block.
  15. Create a script in Remediation to modify the lines of configuration if they do not comply with the policy rule.
    • To function properly, a remediation script must include CLI statements that run on the relevant devices. When executed, the script runs through the default communication protocol, such as Telnet or SSH.
    • Your script should put the device into configuration mode, if needed, issue a series of config commands, and then exit config mode.
  16. Select a Remediation Script Type. Your selection determines how SolarWinds NCM executes commands against targeted devices to remediate a policy rule violation.
    • CLI allows SolarWinds NCM to use the commands in the script to change the config.
    • Config Change Template launches the Config Change Template wizard to guide you through executing the script.
  17. Click Test to validate the rule against a device configuration.
  18. Select a config to test the rule against.
  19. Click Test Rule Against Selected Config.

    • Test your rule against at least two nodes and configurations, one known to comply with the rule, the other known not to comply.
    • In testing a rule against a configuration that is not compliant, expect a result that includes the rule and its violation. For example, if you were attempting to disable Reverse-Telnet with your rule, you would see something like this if the config under test violates the rule:

    Pattern 'line con 0.*\n(.*\n)*.*transport input none' was not found

    This tells you that the SolarWinds NCM policy software used the regular expression specified under String Matching to search the specified config file and no matches were found. Since it expected to find the specified string, the software generates an alert.
  20. Click Select Different Config to continue your rule test on another config.
  21. Click Close, and click Submit.
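
The string-matching behavior in the steps above, as an added example that is not SolarWinds code: it shows the $ problem with trailing non-printable characters, the OR-ed name strings, and how the line con 0 pattern from the test output behaves against a whole file versus a single block. Python's re module stands in for the NCM matching engine (an assumption), and the sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device). CRLF line endings
# leave a non-printable \r at the end of every line, as in the note above.
SAMPLE_CONFIG = (
    "hostname lab-rtr-01\r\n"
    "ip Access-list extended joe\r\n"
    " permit ip any any\r\n"
    "line con 0\r\n"
    " exec-timeout 5 0\r\n"
    "line aux 0\r\n"
    " transport input none\r\n"
)

# The three OR-ed strings from the example, one per name.
NAME_RULES = [r"^(?=.*?\bAccess-list\b)(?=.*?\b%s\b).*$" % n for n in ("joe", "sam", "tom")]
END_ANCHORED = r"^ transport input none$"
CON0_PATTERN = r"line con 0.*\n(.*\n)*.*transport input none"


def normalize(config):
    """Use LF line endings and drop trailing non-printable characters."""
    lines = config.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return "\n".join(re.sub(r"[^\x20-\x7e]+$", "", ln) for ln in lines)


def found(pattern, config):
    """True if the pattern matches, with ^ and $ anchored per line."""
    return re.search(pattern, config, re.MULTILINE) is not None


def any_found(patterns, config):
    """OR relationship between strings: one match is enough."""
    return any(found(p, config) for p in patterns)


def block(config, header):
    """Return the header line plus the indented lines that follow it."""
    m = re.search(r"^%s\n(?:[ \t].*\n)*" % re.escape(header), config, re.MULTILINE)
    return m.group(0) if m else ""


if __name__ == "__main__":
    clean = normalize(SAMPLE_CONFIG)
    print("$ rule raw / normalized:", found(END_ANCHORED, SAMPLE_CONFIG), found(END_ANCHORED, clean))
    print("name rules (OR):", any_found(NAME_RULES, clean))
    # Whole-file search also matches 'transport input none' under 'line aux 0'.
    print("con 0 whole file / block:", found(CON0_PATTERN, clean),
          found(CON0_PATTERN, block(clean, "line con 0")))
```

Against the constructed sample, the $-anchored rule matches only after normalization. The line con 0 pattern matches the whole file through a transport input none line that belongs to line aux 0, but does not match the line con 0 block on its own.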

Edit a policy rule

When you run policies in NCM, you may determine that you need to modify a rule in the policy if you are getting false positives on violations.

  1. Click My Dashboards > Configs > Compliance.
  2. Click Manage Policy Reports.
  3. Click the Manage Rules tab.
  4. Select a rule, and click Edit.
  5. Edit the appropriate values.
  6. Click Submit.

Delete a policy rule

  1. Click My Dashboards > Configs > Compliance.
  2. Click Manage Policy Reports.
  3. Click the Manage Rules tab.
  4. Select a rule, and click Delete.
  5. Click Yes.

 
