Cisco UCS SNMP community syntax is very similar to Cisco IOS BGP community syntax, where set community blah may be a sensitive line on one device but not on the other. There are some clues to when the community name is a BGP community (and therefore is not sensitive), like when it is:
a well-known community: gshut, internet, ...
numeric: 1234, 123:456
using a parameter or peeras: $foo:123, $foo:$bar, peeras:24
a list of values in parentheses: ($foo:123 123456 987:654), (1234)
community name followed by the keyword 'additive': blah additive
Netconan already recognizes the first two cases and skips anonymization in those cases.
In this PR:
Update Netconan snmp-community regex to recognize and skip the last three cases as well.
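The five clues listed above, written as a standalone classifier. This is an added example, not Netconan's actual regex or code: the function names are hypothetical, the well-known keywords beyond gshut and internet are standard IOS names added here, and requiring every value inside parentheses to look like a BGP value is an assumption chosen so that ambiguous lines still get anonymized.

```python
import re

# Only gshut and internet appear in the PR text; the rest are assumed IOS keywords.
WELL_KNOWN = {"gshut", "internet", "local-as", "no-advertise", "no-export", "none"}

# One side of an a:b value: digits, a $parameter, or the keyword peeras.
_PART = r"(?:\d+|\$\w+|peeras)"
# A BGP-looking value: bare number (1234) or part:part (123:456, $foo:$bar, peeras:24).
_VALUE = re.compile(rf"\d+|{_PART}:{_PART}")
_LINE = re.compile(r"^\s*set community\s+(?P<value>.+?)\s*$")


def _looks_bgp(word):
    return word.lower() in WELL_KNOWN or _VALUE.fullmatch(word) is not None


def is_bgp_community(line):
    """True if the line looks like a BGP community (not sensitive),
    False if it should be treated as an SNMP community (sensitive),
    None if it is not a 'set community' line at all."""
    m = _LINE.match(line)
    if m is None:
        return None
    value = m.group("value")
    words = value.split()
    # Clue 5: a community name followed by the keyword 'additive'.
    if len(words) > 1 and words[-1] == "additive":
        return True
    # Clue 4: a parenthesized list; assumption: every entry must look like BGP.
    if value.startswith("(") and value.endswith(")"):
        words = value[1:-1].split()
        return bool(words) and all(_looks_bgp(w) for w in words)
    # Clues 1-3: well-known name, numeric, or parameter/peeras values.
    return all(_looks_bgp(w) for w in words)


def lines_to_anonymize(config_text):
    """Return the 'set community' lines that still need anonymization."""
    return [l for l in config_text.splitlines() if is_bgp_community(l) is False]


# Constructed sample input, not taken from a real device.
SAMPLE = """hostname r1
set community gshut
set community ($foo:123 123456 987:654)
set community blah additive
set community blah
set community (s3cret)"""
```

Anything the classifier cannot positively identify as a BGP community is returned for anonymization, so a misclassification costs a redacted BGP value rather than a leaked SNMP secret.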