I'm trying to build a rule which performs something similar to the above:
Example 1:
A rule which checks whether spanning-tree portfast or storm-control broadcast level 1.00 or Port Security is enabled on all switchports except trunks. (This would be split into 3 different rules, but the idea would be the same.)
interface FastEthernet/GigabitEthernetX/Y
 description ABCDEFG [optional]
 switchport access vlan Z
 switchport mode access
 no logging event link-status
 no snmp trap link-status
 spanning-tree portfast
Another example would be: if an interface contains a description called Internet, check that the interface contains ip access-group Internet-in in or ip nat outside.
interface [internet-interface]
 description Internet interface (ISP Abcdefg)
 ip address x.x.x.x y.y.y.y
 ip access-group Internet-in in
 ip access-group Internet-out out
 ip inspect FW in
 ip inspect FW out
 ip nat outside
Most of my rules are working, but rules like these are difficult and catch me out. (My Regex wouldn't be the best.)
Any help would be great.
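
The two checks described in the post, as an added example that is not part of the original post and not the syntax of any particular compliance tool: it splits the configuration into interface stanzas first and tests each stanza, which avoids one multi-line regex. The sample configuration, the function names and the assumption that sub-commands are indented (as in `show running-config` output) are constructed for illustration.

```python
import re

# Constructed sample config (not from the post); sub-commands are indented.
SAMPLE = """\
interface GigabitEthernet0/1
 description User port
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
!
interface FastEthernet0/0
 description Internet interface (ISP Abcdefg)
 ip nat outside
!
interface FastEthernet0/1
 description Internet backup
"""

def interface_blocks(config):
    """Yield (interface name, list of stripped sub-commands) per stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m or not line.startswith(" "):   # new stanza or end of stanza
            if name:
                yield name, body
            name, body = (m.group(1) if m else None), []
        elif name:
            body.append(line.strip())
    if name:
        yield name, body

def audit(config, required="spanning-tree portfast"):
    """Return (interface, problem) tuples; 'required' is matched as an exact line."""
    findings = []
    for name, body in interface_blocks(config):
        # Rule 1: every switchport that is not a trunk must carry 'required'.
        is_access = any(l.startswith("switchport") for l in body) and "switchport mode trunk" not in body
        if is_access and required not in body:
            findings.append((name, "missing " + required))
        # Rule 2: description mentions Internet -> needs the inbound ACL or NAT outside.
        desc = next((l for l in body if l.startswith("description ")), "")
        if re.search(r"\binternet\b", desc, re.I) and not (
                "ip access-group Internet-in in" in body or "ip nat outside" in body):
            findings.append((name, "Internet interface without Internet-in ACL or ip nat outside"))
    return findings
```

Calling `audit(SAMPLE, "storm-control broadcast level 1.00")` runs the same access-port rule for the storm-control requirement, which matches the idea of three separate rules sharing one structure.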