[tac_plus] regex for pipe in command syntax
heasley
heas at shrubbery.net
Fri Feb 20 04:40:54 UTC 2015
Thu, Feb 19, 2015 at 02:34:25PM -0500, Asif Iqbal:
> Hi All,
>
> How do I allow ``show logging | include foo'' but not ``show logging'' ?
> Some security requirement that we are trying to achieve where
> you are allowed to search for specific string ``foo'', but not allowed to
> see all the logs.
>
> This is what I tried and did not work
>
> cmd = show {
> deny "^logging$"
> permit "^logging|include foo" # line 3409
> deny .*
> }
>
> And I am getting
>
> Thu Feb 19 14:25:44 2015 [3506]: show logging <cr> permitted by line 3409
>
> I ran
> router#show logging<enter>
>
> If I try ``permit "^logging\s+|include foo'' I get the following error
\s is not a regex atom.
> Thu Feb 19 14:22:43 2015 [3434]: Error expecting '}' but found '+|' on
> line 3409
>
> Any suggestion is appreciated.
i suspect that you have an error on a previous line.
but the router will reformat the command; add or compress spaces, etc. i
guarantee that "^logging|include foo" will not match what the router will
send. debugging tacacs on the router will show you what string it has
sent.
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150219/d92d91d9/attachment.html>
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
More information about the tac_plus
mailing list