Is it possible to use regex in a pattern block?

Question

I am trying to match against a Palo Alto configuration looking for rules that are using a specific destination object.

Rules are under this structure:

config
devices
{string}
vsys
{string}
rulebase
security
rules
{rule_name: (string)*}

and an example of what I am trying to match is:

"Example Rule" e32ff2ab-a82f-43b6-953e-7e113v624779 {
destination non-client "External SRC EDL" "Another EDL-wehave"];

First line would be the rule name and the second is where I would really want to do the regex match. The items past “destination” can be a single entry or multiples within s]’s. If there are spaces in the names then the whole name is confined in “’s.

My goal is to find all rules which have “External SRC EDL” in the destination and I can’t quite figure out how to do it. Any help would be appreciated.

Page 1 / 1

@Ivan That is a question that we worked on before. There are two different answers in this. The last answer is using regular expressions.

You will pull the data out as a string first. the run the regex on that string. You can not currently put an regex inside the block match.

Reply

Tyson Henrie · Answer

​@Ivan That is a question that we worked on before. There are two different answers in this. The last answer is using regular expressions.You will pull the data out as a string first. the run the regex on that string. You can not currently put an regex inside the block match.

Reply

Badge winners

Sign up

Select a login option:

Welcome to the Forward Networks Community

Select a login option:

Scanning file for viruses.

This file cannot be downloaded