Compliance checks based on commands

About Command checks

NetYCE compliance can validate the state of a device by issuing show commands.
The example below validates the NTP status of a Cisco IOS device.

Not working CLI output:

CoreRouter#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

Working CLI output:

CoreRouter#show ntp status       
Clock is synchronized, stratum 3, reference is 146.185.130.22
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is D76513B4.66A4CDA6 (12:40:20.400 UTC Mon Jul 7 2014)

The word "unsynchronized" in the command output means that NTP is not working, so we will prepare a policy that validates the NTP status using this condition.

Creating compliance policy, rules and condition:

Creating Policy

(1) Compliance -> (2) Policies -> (3) New -> (4) Name: NTP Test -> (5) Save


Creating Rule

Under Rule : (1) New -> (2) Name: ntp status -> (3) Rule type: Command -> (4) Vendor: Cisco_IOS -> (5) Command -> (6) Save


Creating Logic

(1) New -> (2) Must not contain : (3) unsynchronized -> (4) Lines contain regular expressions -> (5) Save
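
The logic of this condition, evaluated offline over the two outputs shown earlier (an added example, not NetYCE code; NetYCE's own matching may differ). It also shows two things worth checking when writing such a rule: a negative-only condition passes when the command returns no NTP line at all, and an unanchored "synchronized" pattern matches "unsynchronized". The function names, the empty-output sample and the stricter combined rule are assumptions made for illustration.

```python
import re

# Constructed samples, copied from the two "show ntp status" outputs above.
NOT_WORKING = """CoreRouter#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)"""

WORKING = """CoreRouter#show ntp status
Clock is synchronized, stratum 3, reference is 146.185.130.22
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
reference time is D76513B4.66A4CDA6 (12:40:20.400 UTC Mon Jul 7 2014)"""

# Constructed edge case: the command returned no NTP lines (hypothetical).
EMPTY = "CoreRouter#show ntp status"


def any_line_matches(pattern, output):
    """True if at least one line of the output matches the regular expression."""
    rx = re.compile(pattern)
    return any(rx.search(line) for line in output.splitlines())


def must_not_contain(pattern, output):
    """The condition built above: compliant when no line matches."""
    return not any_line_matches(pattern, output)


def must_contain(pattern, output):
    """Positive counterpart: compliant only when some line matches."""
    return any_line_matches(pattern, output)


def ntp_compliant(output):
    """Negative check plus an anchored positive check (hypothetical stricter rule)."""
    return (must_not_contain(r"unsynchronized", output)
            and must_contain(r"^Clock is synchronized\b", output))


if __name__ == "__main__":
    samples = (("not working", NOT_WORKING), ("working", WORKING), ("empty", EMPTY))
    for name, out in samples:
        print(f"{name:12} must_not_contain={must_not_contain('unsynchronized', out)} "
              f"stricter={ntp_compliant(out)}")
```
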



For testing the results, refer to the article: How to test Compliance Policy
For creating reports, refer to the article: How to create Compliance Reports
