Cisco UCS SNMP community syntax is very similar to Cisco IOS BGP community syntax, where set community blah may be a sensitive line on one device but not on the other. There are some clues to when the community name is a BGP community (and therefore is not sensitive), like when it is:
a well-known community: gshut, internet, ...
numeric: 1234, 123:456
using a parameter or peeras: $foo:123, $foo:$bar, peeras:24
a list of values in parenthesis: ($foo:123 123456 987:654), (1234)
community name followed by the keyword 'additive': blah additive
Netconan already recognizes the first two cases and skips anonymization in those cases.
In this PR:
Update Netconan snmp-community regex to recognize and skip the last three cases as well.
Context:
Cisco UCS SNMP community syntax is very similar to Cisco IOS BGP community syntax, where
set community blahmay be a sensitive line on one device but not on the other. There are some clues to when the community name is a BGP community (and therefore is not sensitive), like when it is:gshut,internet, ...1234,123:456peeras:$foo:123,$foo:$bar,peeras:24($foo:123 123456 987:654),(1234)blah additiveNetconanalready recognizes the first two cases and skips anonymization in those cases.In this PR:
Update
Netconansnmp-community regex to recognize and skip the last three cases as well.This change is