[tac_plus] regex for pipe in command syntax

Alan McKinnon alan.mckinnon at gmail.com
Fri Feb 20 12:54:25 UTC 2015


The deny/permit statements are regexes, so it treats the pipe character as
an "OR". Try this for 3409:

permit "^logging\|include foo$"

(pls excuse the top post, have to use Gmail in a browse for now)

Alan


On Thu, Feb 19, 2015 at 9:34 PM, Asif Iqbal <vadud3 at gmail.com> wrote:

> Hi All,
>
> How do I allow ``show logging | include foo'' but not ``show logging'' ?
> Some security requirement that we are trying to achieve where
> you are allowed to search for specific string ``foo'', but not allowed to
> see all the logs.
>
> This is what I tried and did not work
>
>         cmd = show {
>                 deny "^logging$"
>                 permit "^logging|include foo"   # line 3409
>                 deny .*
>         }
>
> And I am getting
>
> Thu Feb 19 14:25:44 2015 [3506]: show logging <cr> permitted by line 3409
>
> I ran
> router#show logging<enter>
>
> If I try ``permit "^logging\s+|include foo'' I get the following error
>
>  Thu Feb 19 14:22:43 2015 [3434]: Error expecting '}' but found '+|' on
> line 3409
>
> Any suggestion is appreciated.
>
>
>
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20150219/d92d91d9/attachment.html
> >
> _______________________________________________
> tac_plus mailing list
> tac_plus at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/tac_plus
>



-- 
Alan McKinnon
alan dot mckinnon at gmail dot com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150220/07bd05ce/attachment.html>


More information about the tac_plus mailing list