Using RME baseline templates to find non-compliant SNMP strings
Running LMS3.2.1
A. Can I run a compliance check using RME baseline template to find devices which have non standard SNMP strings IN ADDITION to the correct one?
How will the regular expression look like if we want to say
+ snmp-server community cisco123 ro
+ snmp-server community cisco456 rw 1
- snmp-server community [anything else] ro
- snmp-server community [anything else] rw [#.*#]
B. Is it possible to run a clean up job on the violating devices by using DEPLOY (or NetConfig, etc.)?
- [#snmp-server community (?!cisco123|cisco456).*#]
+ snmp-server community cisco123 RO
+ snmp-server community cisco456 RW
From the compliance job result GUI, you can deploy the job directly after verifying the results. When you deploy this template, it will remove any community that does not match "cisco123" or "cisco456", and then add them if the device does not already have them.
Similar Messages
-
RME Baseline Templates compliance and deploy regular expression
Hi:
I have a large number of 3750 stacks consisting of a variable amount , from 1 to 6, switches. I need to add to all
FastEthernet interfaces from 2/0/1 to n/0/24 a command , under the interface. That is on the 1st and if only one switch do nothing, and for all other switches, be it 2 or 3 etc switches under each interface add a one line command.
I have not found the correct syntax to have only the interfaces I need to be effected. For example:
interface [#FastEthernet.*#] picks all interfaces including the ones on the 1st switch which I don't want to change.
Interface [#fastEthernet[2-9].*#] ignores all interfaces.
I have tried various forms of syntax for the regular expression but either hit all interface or none.
Does anyone know how to format the request properly.
Thanks in advance
MickeyThis regexp should work:
interface [#FastEthernet(1[0-9]+|[2-9][0-9]*)/.*#] -
How to find routers with multiple bgp neighbors using baseline templates?
Running LMS 4.1 5k on Windows
We have around 400 routers on a MPLS network. Only few of these have more than one BGP neighbor. We need to enable some bgp traps so we know when a bgp neighbor is down. How would I write a baseline template to check if a router has more than one bgp neighbor?
basically I want to know if a router has more than one statement of the following kind:
router bgp xxxxx
neighbor x.x.x.x remote-as xxxxx <-- 1st neighbor
neighbor y.y.y.y remote-as yyyyy <-- 2nd neighborYes, it looks like the bug I mentioned previously. The bug has nothing to do with RME. You can use RME or not, and this bug will still be triggered. While an upgrade is recommended, the Release notes detail a workaround:
The 1711 router gives traceback when we process an snmpwalk at OID
"cInetIcmpMsgOutPkts" (1.3.6.1.4.1.9.10.86.1.3.2.1.6) from CISCO-IETF-IP-MIB or
when ciscoDslCpeMIB is queried (1.3.6.1.4.1.9.20.1.1).
12.2(15) works well
12.3(8)T4 and 12.0(3)T are giving this problem.
Didn4t find a similar problem reported to this one.
Workaround:
The problem lies in CISCO-DSL-CPE-MIB, so if you don't need this mib you can
exclude it from the default or created snmp view, thereby preventing the
traceback. Here is an example of 1) changing default view and 2) creating a new
view.
-- change the default snmp view to exclude CISCO-DSL-CPE-MIB
conf term
snmp-server view v1default ciscoDslCpeMIB excluded
end
show snmp view
-- create a new snmp view that excludes CISCO-DSL-CPE-MIB
conf term
no snmp-server view nodslmib
snmp-server view nodslmib iso included
snmp-server view nodslmib internet.6.3.15 excluded
snmp-server view nodslmib internet.6.3.16 excluded
snmp-server view nodslmib internet.6.3.18 excluded
snmp-server view nodslmib ciscoMgmt.252 excluded
snmp-server view nodslmib ciscoDslCpeMIB excluded
no snmp-server community public
snmp-server community public view nodslmib ro
end
show snmp view -
LMS 4.0 Prequisites of baseline templates are ignored if used for direct deploy
Hi all,
I'm want to use baseline templates for conditionally configuring several hundert access-switches.
What I expect to work:
Write a baseline template with prerequisites and parameters and use
Configuration> Compliance> Compliance Templates> Direct Deploy
The baseline template works perfect for
Configuration> Compliance> Compliance Templates> Compliance Check
if I use regex instead of parameters
- compliant devices are detected
- commands are generated only for non compliant devices
But I don't want to enter several hundert parameters manually if
I want to deploy the job after compliance chek...
If I change the regex into a parameter then direct deploy will unconditionally
generate the commands, regardless whether the prerequisites are met or not.
Is this by design or a bug?
My task is simple:
If interface Vlan1 has an IP address matching a certain pattern I want to deploy the global command
ip default gateway [same-prefix-as-interface-vlan1].1
Like I mentioned above: the regexes are OK: compliance check works as expected
When the regexes are changed to a parameter the command ip default-gateway will
always be generated regardles wether the prequisite is met or not.
Any thoughts or insight?
Regards, MiKaSolution was simple:
In one of the old release notes (Cisco Ressource Manager Essentials, around 2009) I found a note that prerequisites in templates are not supported with direct deploy. There are no notes for newer releases but the behaviour is exactly like described.
Another documentation error...
Rgds, MiKa -
What is "Remediate non Compliant Rule when supported" and how to use it ?
Hi,
now i have created around 10 baselines for the driver compliance check for different make and model of laptops and desktops, the os platform on the computer will be Win 7 X 64 computers
CI's working fine and iam curious to learn what is the ( Remediate non Compliant Rule when supported ) option actually ment for , what all we can use it for ?
and i need a example with complete steps too please
all i can understand from the word Remediate is that it will either run a query or initiate a process such as install the correct version of driver etc , please correct me if iam wrong
Thank you
OSLM ENGINEER - SCCM 2007 & 2012When creating a CI you can also configure a remediation script, that script will be used to remediate a non-compliant system. Also, some simple things like change the value of an existing registry key from 0 to 1 are supported out-of-the-box for compliance
and remediation.
An example:
http://www.petervanderwoude.nl/post/allow-direct-installation-of-windows-8-apps-via-compliance-settings-in-configmgr-2012/
Another example:
http://www.petervanderwoude.nl/post/go-to-desktop-on-sign-in-on-windows-8-1-via-compliance-settings-in-configmgr-2012/
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
I'm using a card template and trying to find what Avery product I should get to print the card on
I using a Pages greeting card template and trying to find out what Avery product I should buy to print it on. Where is this infromation?
The Avery web site has the layouts of its products and also ms Word tempaltes that open in Pages.
If you wish to use the Pages' templates select the overall rectangle of the card:
Inspector > Metrics
To find out the size and then look for the matching Avery stock, you will probably have to adjust bot the size and position for a close match.
However since greeting cards are just rectangles folded in half all you need to do is print them on card stock with some crop marks offset from the corners and cut them out with a sharp knife or a guillotine. Not rocket science.
Peter -
Hello,
I have a question about "baseline template"
I try know to find if some interfaces don't have OSPF key.
I create my basic template like this for find all the interface fastEthernet begins with 0/2/ who don't shut :
Conditional Block
sub mode
interface [#FastEthernet0/2/*#]
CLI commands
- shutdown
Compliance Block (Use the Submode of above condition is checked)
CLI commands
+ ip ospf message-digest-key [#*#]
and like this it doesn't works...
so I wonder how does works "stars *", "sharps #" ect ect ...
I try this because in the manual guide they use this, but I think I don't use them properly
thank you for answering meSo I've tried :
+ ip ospf message-digest-key [KEY]
and also
+ ip ospf message-digest-key 1 md5 [KEY]
apparently it doesn't works.
in response "RME say" to me 0 of 56 are compliant
it say, I should add in all interface the line "ip ospf message-digest-key ...". it's curious because the most of it have the line :/.
thank you for the link, I will study it. -
Baseline Template Query LMS 4.2 - IP address
Does anyone know how to create a baseline template that would validate a configuration to ensure that it only has 1 IP address terminating on it? The IP address may terminate on an SVI or an interface, but must only have the 1 IP address on the device
Any information or suggestion would be appreciated.Hi Afroz,
Thanks for the link however I was unable to find any information that would help me with my query.
Here's the issue. Multilayer switches can have multiple IP interfaces on them and on certain devices on our network, I want to ensure that there is only 1 IP interface. So, if the device only has 1 IP interface, the configuration is compliant. If the device has multiple IP interfaces, the configuration is non-compliant.
The other factor that would complicate things is that on some devices, the IP interface would be an SVI while on others the IP interface would be on an Ethernet port.
I hope this helps clarify my query.
Thanks,
H -
LMS 3.1 Baseline Template Fails
NEED HELP! :-)
I made a baseline template that basicaly says: If you encounter an interface with a vlan24, apply a port-security mac-address sticky command. TEMPLATE FOLLOWS:
In Conditional Block's SUBMODE:
interface [#.*Ethernet.*#]
CLI Command (of conditional block is):
+ switchport access vlan [#(24)#]
Use the SubMode of above condition (yes)
CLI Command:
+ switchport port-security mac-address sticky
UNFORTUNATELY, THE MESSAGE I GET AFTER THE DIRECT DEPLOY IS:
*** Device Details for cdp-aa-sw-c02-02 ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> SSH
Execution Result:
CM0150 Deploy Baseline template to PRIMARY config on device failed Cause: CM0070 Copy Config to device failed on cdp-aa-sw-c02-02 Cause: Action: Check device credentials and reachability.
CM0100 Copy PRIMARY Running Config to PRIMARY Startup Config on device not attempted
CM0089 Config archival successful for cdp-aa-sw-c02-02
Do you have a clue what is wrong with this immediate job deployment??? Can you help me fix it so it applies correctly!?
Thanx in advance,
WANimalPost the job directory for this job. The directory is found under NMSROOT/files/rme/jobs/ArchiveMgmt on Windows and /var/adm/CSCOpx/files/rme/jobs/ArchiveMgmt on Solaris.
-
Checking aaa configuration using LMS Baseline Compliance Checks
Hi, I'm trying to setup a baseline configuration check for our devices that will cover both "types" of aaa accounting commands. Some devices have the commands spread over mutliple lines and some have them in single lines as per the examples below. I can't seem to make an "or" check that will cover both types. Can anyone please assist? I am using Ciscoworks 4.2.
aaa accounting exec default
action-type start-stop
group tacacs+
aaa accounting commands 0 default
action-type start-stop
group tacacs+
aaa accounting commands 15 default
action-type start-stop
group tacacs+
aaa accounting connection default
action-type start-stop
group tacacs+
OR
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting exec default start-stop group tacacs+Compliance check uses the same devices as everything else in RME. However, you need to make sure your template is configured to match the specific device types that you want to check. When you define your baseline template, you must choose one or more device types. Make sure you've checked all of the appropriate boxes (e.g. Routers and Switches and Hubs).
-
Using the Standard Template Library with 5.0 using 4.2 compatibility mode
Has anyone used the Standard Template Library with the 5.0 release of the complier using the -compat=4 flag ?
It's not your system, unfortunately. It's iTunes 5.0. I have XP, a brand new drive and Nero. I can burn all sorts of CDs, just none from iTunes.
I have gotten several emails from Apple regarding this issue, none of which helped. The last response I got said they were working on my problem. Right now, the best solution that I can come up with, although I'm not sure how to do it, is back up your songs as a data CD, uninstall 5.0 and reinstall version 4.9.
If you go back a few days (or maybe a week) in the discussions, someone posted a link for 4.9. If you can do this and successfully install 4.9 you will have no problem burning CDs. I just haven't had any luck burning my songs as data. I have 4.9 on an older computer and can burn CDs for days. So all I have to do is get my songs to the old PC and I'll be in business. -
Devices in Deployment status show up as Non-Compliant
In the deployment status section of SCCM 2012 we have 6 of the 10 servers listed in the In-Progress tab which are Non-compliant. 3 of the servers are list as Downloaded Updates. Verified that the boundaries are set up correctly and check relevant logs and
no software updates are being pushed out to the servers almost an hour into the maintenance window. Not sure what the cause is, could use all the help I can get. Thanks!Hi,
Is the client healthy?(CcmEval.log, ClientIDManagerStartup.log, ClientLocation.log, LocationServices.log)
Could the client communicate with MP? Please check CcmMessaging.log and open
http://<MP Name>/sms_mp/.sms_aut?mplist in IE on the client to see whether it can find the MP.
Best Regards,
Joyce -
Can anyone explain to me why the following item is considered non-compliant on this list? It states for the reason that it could not find a compatible TPM, but when you look at the details it clearly shows that it is encrypted and that TPM is the protector
type.I answered my own question on this one. It is apparently a bug in MBAM 2.5 when using AES-256 with Diffuser. I installed Hotfix KB2975636 on the client system and it corrected in the next update without an issue.
If anyone else is looking for this Hotfix, here is the link.
https://support.microsoft.com/kb/2975636?wa=wsignin1.0 -
ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant.
- For old version 1.1.4 it can be reported for non-compliant, How can I generate report for this?
Thanks
Kosin UsuwanthimIt used to be in there (id 226635 is the last one with it); should I clean it up a bit and put it back with a bit more of a disclaimer?
-
How can I modify column width in a spreadsheet report without using an Excel template
I currently use the LabVIEW Report Generation toolkit in LabVIEW 2011SP1 to create simple spreadsheet reports that I can build/print without having Microsoft Office products installed. I really like being able to do this, and it allows me to generate nice on-demand data reports - I'm also not tied to having Office installed on the system I'm using, so this works on just about any test fixture I can install the software on.
I recently have a requirement that I must have variable-length columns in my report. I currently use the VI "Append Text Table to Report" in order to create a text table, but the column width requirement is that all columns must be equal width UNLESS I use an Excel Template file to define my column widths.
My questions are:
Is it possible to create a text table and define per-column widths without using an Excel Template? If so, how? My report mainly has a lot of small numerical values for the columns, but some columns contain system names or status messages - I really hate the longer text blocks wrapping and taking up so much real-estate when if I could control the column widths I can get all my data on a single line.
I'll admit I haven't tried this myself yet, but if I use an Excel Template will that require me to have Excel installed on the PC in order to print/generate reports?
Is there a recommended way (with an example) of generating a text table in a report with or without using the "Append Text Table to Report" VI that allows me to have custom column widths that doesn't require me to manually build a custom print page? If I do have to create a custom print page, what would be the most straightforward approach?
Thanks!
-DannySure, I'll provide a pared down example that demonstrates my use-case:
I have a control to the VI that takes in a 2D array of strings representing the data I want printed in a table. I am generating a standard report, adding a table to the report, and printing it. The first VI is "New Report.vi", the second VI is "Append Table to Report.vi", and the third is "Print Report.vi", all found standard in the Report Generation palette.
Note that the "Append Table to Report.vi" has an input parameter "Column Width" with a default value of (1). This input parameter is a single input parameter, which defines the column widths of ALL the columns in my table - hence, with the VI the way it is, all my columns will be 1 inch wide.
I find myself needing to be able to define per-column widths, not just a single global column width parameter.
The only way I have found to do this is by using an Excel template file. The "New Report.vi" takes in a "template" parameter, and if used, the report generation toolkit can be set to ignore the "Column Width" input parameter on the "Append Table to Report.vi" by setting the width value to -1. Instead it will launch Excel, open the template file provided, build the table using the template, will close Excel, and will attach the generated table to the report. However, I have a strict requirement that Microsoft Office NOT be required to be installed on the computer.
So, without using Excel, is there a way to generate a table in a report and define the width of each column individually?
-Danny
Maybe you are looking for
-
I've seen all the posts for fixing the wifi on the 4s, none of them work! So, who can tell me why my iPhone 4S cannot find any wifi when it used to find wifi, and when it does find a wifi network it can never connect? You think apple would have a c
-
I had captured vendor excise invoice against PO in J1IEX Later while doing GR, I had selected Refer excise invoice by drilldown.The excise value flows correctly which were captured before. When i had posted GR & trying to see display of GR ,Excise ta
-
I just bought this software from RAFT teacher resources and it's non returnable. I don't know that it doesn't support macbook pro. Is there anyway can you help me if you can. I don't want to waste it. Thanks. Best regards, Vivian.
-
Iphoto 8 after update won't import RAW files
I'm running iphoto 8 version 7.1.3 and just updated the software from Apple's auto update (Jun 30th is when the update installed). Now I can't import RAW files from my canon 30D, from a memory card or from existing files. Every time I try iphoto free
-
How to install Flash Snippets panel in the Flash Builder Beta2
I can't find the Flash Snippets panel in the Flash Builder Beta2.