What is Regex?

Regex—short for regular expressions—is a way to describe a search pattern. Regular expressions can be used to find a text pattern or string (character sequence) within a larger body of text, such as a sentence or paragraph, or even entire documents and databases. They can be used to quickly find specific text in a text document like a configuration file for a network device. Need to know what IP addresses a device has? What VLANs are on a switch? What devices are using a deprecated DNS server? Regex has your back. Let’s head back to Regex 101: what it is, and how it can help in your day-to-day network monitoring and management tasks.

Regular expressions date back to 1951 when they were first conceived by the mathematician Stephen Cole Kleene. By the late 60s, regular expressions began to find their way into text editors. They were integrated into early Unix systems in the 70s, becoming part of the POSIX 2 (Portable Operating System Interface) standard.

Regex grew in popularity in the late 80s with the introduction of the PERL programming language. Regex can be found in almost every facet of document and database modeling, including Java, Python, and PHP.

Regex Basics

Regular expressions were originally used with the ASCII character set, but most modern implementations of regex use Unicode. Regex has basic characters and special characters. Basic characters are standard alphanumeric characters – ABC and 123. Special characters are non-alphanumeric characters such as ?*+ used to define and match the patterns basic characters may make up. These special characters have several different types.

Quantifiers

A quantifier determines how many times a basic character or characters are allowed to repeat in the match.

  • ? matches zero or one preceding character. For example, ab?c matches ac and abc.
  • * matches zero or more preceding characters. For example, ab*c matches ac, abc, abbc, and abbbc (with no limit on how many b’s could be matched).
  • + matches one or more preceding characters. For example, ab+c matches abc, abbc, and abbbc (again with no limit on how many b’s could be matched – but ac would not match).
  • {number} matches the preceding item the number of times in the curly bracket. For example, a{3} would match aaa.
  • {number,} matches the preceding item at least the number of times before the comma. For example, a{3,} would match aaa, aaaa, aaaaa, and so on.
  • {,number} matches the preceding item at most the number of times after the comma. For example, a{,3} would match a, aa, and aaa but not aaaa.
  • {number1,number2} matches the preceding item at least the number of times for the first number but not more than the second number. For example, a{3,5} would match aaa, aaaa, or aaaaa but not a or aaaaaa.

Boolean

The pipe character can be used for a boolean “OR”. For example, a|b will match either a or b.

Groupings

A group is a set of characters, written in square brackets, that matches any one of the characters inside the set. For example, [abc] will match a single a, b or c.

Assertions

Assertions are used to define the surroundings of a match, like where they are located in the text being searched. The two most common and useful assertions are ^ and $. ^ is used for matching characters at the beginning of the line, and $ is used for matching text at the end of a line.

For example, ^nanook will match “nanook the bear”. bear$ will also match “nanook the bear”.

Wildcard

The wildcard . will match any character. For example, a.c will match abc or axc or any other character between the a and c.


Uses for Regex in Networking

Today, many programming languages other than PERL also support the use of regex, including Python, JavaScript and PHP. Regex is also common in many Linux/Unix tools like vim (text editor), sed (parsing and transforming text) and grep (searching for text in various output). One useful example for using regex in networking is the manipulation of configuration files.

So what’s the advantage of regular expression for network engineers? Regex can be a very powerful tool for quickly finding things in the config files of network devices. Configuration files can get very large for complex setups, and it can be cumbersome to look for specific things within them. Regex vastly speeds up finding what you need within a network configuration file. When dealing with large numbers of configuration files simultaneously—regex is no longer a convenience, it is a necessity.

Let’s look at some examples of how to search for various useful information in a network config downloaded from a device (or exported via Auvik) using grep. Grep is a command-line tool for searching text data using regular expressions. It’s a powerful way to find precisely what you’re looking for in a large set of data. In all of our examples, the name of the switch configuration backup file will be backup.txt (taken from my homelab core switch—an HP 3500yl). Using grep, we will search for specific text (defined by a regex) within the backup.txt file.

Finding Basic Info

What is the hostname of the device?

grep 'hostname' backup.txt

will show the line of the config containing the hostname of the device. For example,

hostname "nanook"

How about quickly finding what IP addresses a device has?

grep 'ip address*' backup.txt

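This will show us all the IP addresses on my core switch. (The * here is the quantifier described above: it applies to the final s, so it matches “ip addres” followed by zero or more s characters, and grep 'ip address' returns the same lines.)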

   ip address 10.0.0.1 255.255.255.0
   ip address 10.0.2.2 255.255.255.252
   ip address 10.0.10.1 255.255.255.0
   ip address 10.0.20.1 255.255.255.0
   ip address 10.0.30.1 255.255.255.0
   ip address 10.0.40.1 255.255.255.0
   ip address 10.0.50.1 255.255.255.0

What VLANs do I have on my switch?

grep "^vlan" backup.txt

Will show us all the VLANs that the switch has:

vlan 1
vlan 2
vlan 10
vlan 20
vlan 30
vlan 40
vlan 50

Here I can use the “^” assertion because I know each line that defines a VLAN always starts with “vlan XXX”. Furthermore, there are instances of the word VLAN in my config where the word VLAN is later in the line. These config lines aren’t related to the configuration of VLANs on the switch and in this instance, I’m not interested in seeing them. The “^” assertion shows me what I want in this case but also strips away what I don’t want.

Diagnosing DNS Issues

Here’s another useful example. Say I’ve updated my DNS server, and have no idea which of my network devices might still be pointing to my old DNS server:

grep -l 'ip dns server-address priority [12] 10.0.40.53' *.txt

The above grep will search through all txt files in the current directory (where I have saved multiple network device configuration backups and each has a .txt extension) and show me which ones contain either “ip dns server-address priority 1 10.0.40.53” or “ip dns server-address priority 2 10.0.40.53”. For this example I get the following output:

backup.txt
backup4.txt
backup10.txt 

This means the files backup.txt, backup4.txt and backup10.txt contain the line I’m looking for, which means I need to update the DNS setting on all of these devices. Since I’ve named these files poorly, I can use either the hostname or IP address searches above on each of these text files to quickly find the device with the incorrect DNS setting. Handy for securing your DNS.
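
The DNS search and the hostname lookup can be combined into one pass. The script below is an added example, not part of the original article: the function names and the three sample backups are constructed. It goes beyond the single address in the text by accepting any old server address, escaping its dots and adding an end boundary so that a shorter address such as 10.0.40.5 does not also flag devices using 10.0.40.53.

```shell
#!/bin/sh
# Added example. Config contents and function names are constructed.

# Escape the dots so "." matches a literal dot, not any character.
escape_ip() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Page-style search: address dropped into the pattern as-is, no end boundary.
loose_files() {
    grep -l "ip dns server-address priority [12] $2" "$1"/*.txt
}

# Prints "<file> <hostname>" for every backup in DIR that points at OLD_IP.
stale_dns_hosts() {   # usage: stale_dns_hosts DIR OLD_IP
    ip_re=$(escape_ip "$2")
    # ([^0-9.]|$) ends the address, so 10.0.40.5 cannot match 10.0.40.53.
    pattern="ip dns server-address priority [12] ${ip_re}([^0-9.]|\$)"
    grep -lE -- "$pattern" "$1"/*.txt | while IFS= read -r f; do
        # Same idea as the hostname search: first ^hostname line, quotes stripped.
        host=$(sed -n '/^hostname/{s/^hostname *//;s/"//g;p;q;}' "$f")
        printf '%s %s\n' "$(basename "$f")" "${host:-unknown}"
    done | LC_ALL=C sort
}

# Constructed sample: three backups, one of them using a different server.
make_sample() {
    d=$(mktemp -d)
    printf 'hostname "nanook"\nip dns server-address priority 1 10.0.40.53\n' > "$d/backup.txt"
    printf 'hostname "edge-sw"\nip dns server-address priority 1 10.0.40.5\n' > "$d/backup4.txt"
    printf 'hostname "lab-sw"\nip dns server-address priority 2 10.0.40.53\n' > "$d/backup10.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
stale_dns_hosts "$sample" 10.0.40.53
rm -rf "$sample"
```

On the sample data, searching for 10.0.40.5 with loose_files lists all three backups, while stale_dns_hosts reports only the one device that really uses that server.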

Solving for SNMP

Same thing applies to another common issue: SNMP isn’t working and I need to verify the SNMP config of the device:

grep '^snmp' backup.txt

This will show me just the lines of the config with the SNMP configuration:

snmp-server community "auvik"
snmp-server contact "nanook the bear" location "north pole"
snmpv3 enable
snmpv3 group managerpriv user "nanook" sec-model ver3
snmpv3 user "nanook"

With regex, I can quickly find the SNMP configuration section in my config backup and examine it for potential issues.

Sorting through Access Lists

Regex can also be handy to search through ACLs. Let’s say I’m having connectivity issues with one of the devices in my home lab and I quickly want to see all the deny lines of my ACLs:

grep 'deny*' backup.txt

Will show me all the IP ranges being denied:

     20 deny ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.0.255 log
     30 deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 log
     40 deny ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255 log
     50 deny ip 10.0.20.0 0.0.0.255 10.0.40.0 0.0.0.255 log
     60 deny ip 10.0.20.0 0.0.0.255 10.0.50.0 0.0.0.255 log
     100 deny ip 10.0.30.0 0.0.0.255 10.0.0.0 0.0.0.255 log
     110 deny ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255 log
     120 deny ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255 log
     130 deny ip 10.0.30.0 0.0.0.255 10.0.40.0 0.0.0.255 log
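
In 'deny*' the * is a quantifier on the y, so the pattern really means “den” followed by zero or more y characters and will also hit unrelated lines that contain “den”. The script below is an added example, not part of the original article: it compares that pattern with an anchored one and summarises each deny entry as source and destination prefixes. The sample config and function names are constructed, and the ACL line layout is assumed to be the one shown in the output above, with contiguous wildcard masks.

```shell
#!/bin/sh
# Added example. The config below is constructed; function names are illustrative.

make_acl_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
hostname "nanook"
snmp-server contact "nanook the bear" location "denali"
ip access-list extended "guest"
     10 permit ip 10.0.20.0 0.0.0.255 10.0.40.0 0.0.0.255
     20 deny ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.0.255 log
     30 deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 log
   exit
EOF
    printf '%s\n' "$f"
}

# 'deny*' is "den" plus zero or more "y", so the "denali" line counts too.
loose_deny_count()  { grep -c 'deny*' "$1"; }

# Sequence number, then the whole word deny: only real ACL entries.
strict_deny_count() { grep -cE '^[[:space:]]*[0-9]+[[:space:]]+deny[[:space:]]' "$1"; }

# Prints "<seq> <proto> <src>/<len> -> <dst>/<len>" for each deny entry.
deny_pairs() {
    awk '
    # Prefix length from a wildcard mask such as 0.0.0.255 (assumed contiguous).
    function plen(w,    o, i, n, bits) {
        split(w, o, ".")
        bits = 0
        for (i = 1; i <= 4; i++)
            for (n = o[i] + 0; n > 0; n = int(n / 2))
                bits += n % 2
        return 32 - bits
    }
    $1 ~ /^[0-9]+$/ && $2 == "deny" && NF >= 7 {
        printf "%s %s %s/%d -> %s/%d\n", $1, $3, $4, plen($5), $6, plen($7)
    }' "$1"
}

cfg=$(make_acl_sample)
echo "loose: $(loose_deny_count "$cfg")  strict: $(strict_deny_count "$cfg")"
deny_pairs "$cfg"
rm -f "$cfg"
```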

Regex is a deep rabbit hole and months or years can be dedicated to mastering it—but even just a few minutes or hours can have you utilizing the basics, and the power of even simple regex searches can improve your network productivity immensely.
