4-56
Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 4 Device Configurations and Software Images
Compliance Audit
After you complete adding rules to the policy, a profile must be created. For more information, see
Creating a Policy Profile.
Creating Rules—Samples
This section explains three scenarios in which rules can be created.
Problem This policy checks if at least one of the pre-defined DNS servers are configured on device.
The following condition checks if either IP name-server 1.2.3.4 or IP name-server 2.3.4.5 is
configured on the device, and raises a violation if neither of them are configured.
Solution The following settings have to be made in the appropriate sections.
New Conditions and Actions—Action Details tab (applicable for both Match Acti on and Does Not Match Action
Select Action Select one of the following actions that Compliance Audit must perform upon detect ing a violation:
Continue—If the condition is met or not met, the rule continues to run based on the condition
number specified in the field. If a condition number is not specified, the rule skips to the next
immediate condition.
Raise a Violation—Raises a violation and stops further execution of rule.
Do Not Raise a Violation—Does not raise a violation; stops further execution of rule.
Condition Number Specify the condition number to which the rule must continue with in case the condition is met or is
not met. You cannot specify a condition number that is lesser than or equal to the current condition
number. This field is enabled only if you selected the option Continue from the Sele ct Action field.
Violation Severity Specify a severity that Compliance Audit must flag if a violation is detected. This field is enabled
only if you selected one of the options, Raise a Violation from the Selec t A ction field .
Violation Message
Type Select a message type. If you det ermine a violation as not fixable (or requiring manual intervention),
select the Generate Default Violation Message During Audit option. To enter a fix for a violation,
select the option Define Custom Violation Message for the Condition.
Violation Message Enter a violation message that is displayed in the Job View window. select the option Define Custom
Violation Message for the Condition.
Fix CLI Enter a relevant CLI fix if the device does not meet the condition specified. sele ct th e op tio n Define
Custom Violation Message for the Condition.
Do not enter config t and its exit commands.
Note exit command is allowed at main and sub-level commands.
Table 4-6 New Rule - Fields (continued)
Field Description
Field Value
Configuration Scope Configuration
Operator Matches the expression
Valu e ip name-server (1.2.3.4|2.3.4.5)$
Match Action Do not raise a violation and exit this rule