8-74
User Guide for Resource Manager Essentials 4.1
OL-11714-01
Chapter 8 Archiving Configurations and Managing Them Using Archive Management
Baseline Template
• You can use this Baseline template to compare with other device configuration and generate a report
that lists all the devices which are non-compliant to the Baseline template.
• You can easily deploy the Baseline template to the same category of devices in the network.
• You can schedule a compliance check job and deploy the Baseline template onto the non-compliant
devices. This can be performed as a single job or as a separate job.
• You can import or export a Baseline template. This template is stored in XML format.
The rules for specifying the Baseline templates are:
• All the commands that are disallowed should begin with a “-”.
• All commands that are mandatory should begin with a “+”.
• Commands that do not begin with (- or +) are considered as comments and ignored.
• The command values can be a wildcard match.
+ ip address [ip-address] [netmask]
+ ip address [#10\.76\.38\..*#] [netmask]
+ ip address [#10\.72\..*\..*#] [netmask]
To find a match for any octet in an IP address you must use \..*.
In the examples shown above, the command will apply for all the devices with the IP address starting
with 10.76.38.* [netmask] and 10.72.*.* [netmask].
• The regular expressions must be enclosed with #.
For example:
snmp-server location [#.*#]
This command will fail compliance check for snmp-server location loc1 loc2 loc3, because the
check will be performed only for one word after snmp-server location.
To overcome this, you have to define the command as:
+ [# snmp-server location .*#]
Then the compliance check will be performed for all forms of snmp-server commands like
snmp-server location loc1 loc2.....n,etc.
• Negation in Regular expressions :
Use Case 1:When there are more than one entry in the Config files.
Commands in Device Config :
logging name1
logging name2
logging name3
Template: +logging [#!name1#]
Details : The negation of the name1 is done which returns true, since there are other logging commands
present with other names. So the template is compliant.
Use Case 2: When there is only one entry in the Config files.
Commands in Device Config :
logging name1
Template: +logging [#!name1#]