Many network engineers don’t know Regular Expressions. Until a few years ago, neither did I. But they’re useful. So very, very useful.
In this article, I’ll give a very quick overview of how they work, and then a few examples to show why they are so useful. Most network operating systems (IOS, Junos, ScreenOS, etc.) support regex, as do most Unix-y tools that you probably use (most people are familiar with grep/egrep). Of course, regex becomes even more useful when you start writing automation scripts in Perl / Python / whatever.
Patterns / Operators
. = Any character, including whitespace
\ = Make next character literal instead of having special meaning e.g. \. will match an actual dot.
| = Or
[] = Character class – match any of the characters inside the square brackets e.g. [cta] would match “c”, “t”, or “a”.
() = Group – used to match a pattern used later, or more commonly to group “or” conditions e.g. (cat|dog) would match “cat” or “dog”
^ = Beginning of line
$ = End of line
\w = Any “word” character (alphabet lower/upper case, numeric digit, or underscore) – same as [a-zA-Z0-9_]
\s = Any whitespace character e.g. space, tab, etc.
\d = Any numeric digit – i.e. [0-9]
Repetition
* = Zero or more of preceding “thing”
+ = One or more of preceding “thing”
? = Zero or one of preceding “thing” (i.e. it is optional)
{n} = Exactly n of preceding “thing”
Caveats
Most network operating systems only have basic regex support, and so may not support all of the options detailed above. Off the top of my head, IOS does not support \w, \s, \d, {n}. The ones I’ve included are for completeness of the options used most commonly across all tools/platforms. You’ll find out what you can and can’t use in your network operating system of choice with a bit of practice and experimentation.
Useful Network Examples
Check that VLANs 110, 120, 130, 140 are in the VLAN database:
switch#sh vlan | inc VLAN01[1234]0
110 VLAN0110 active
120 VLAN0120 active
130 VLAN0130 active
140 VLAN0140 active
switch#
Find out where firewalls 1 and 3 are patched in:
switch#sh int desc | inc -fw-0[13]
Gi0/20 up up site1-fw-03:eth0
Gi0/21 up up site1-fw-01:eth5
Gi0/23 up up site1-fw-03:eth1
switch#
Find out where appservers or proxy servers have their primary interfaces patched in:
switch#sh int desc | inc -(app|prx)-.*eth0
Gi0/5 up up site1-app-01:eth0
Gi0/6 up up site1-app-02:eth0
Gi0/15 up up site1-prx-01:eth0
Gi0/16 up up site1-prx-02:eth0
switch#
Find configured static routes for 10.5.0.0/24, 10.5.1.0/24, 10.10.0.0/24, and 10.10.1.0/24:
router#sh run | in ^ip.route.10.(5|10).[01].0.255.255.255.0
ip route 10.5.0.0 255.255.255.0 10.1.1.1
ip route 10.5.1.0 255.255.255.0 10.1.1.1
ip route 10.10.0.0 255.255.255.0 10.1.2.1
ip route 10.10.1.0 255.255.255.0 10.1.2.1
router#
Find access-list lines on an ASA ACL that are to Nagios/Webserver hosts:
firewall# sh access-list outside_access_in | inc host.(nagios|webserver)
access-list outside_access_in line 26 extended permit tcp any host webserver eq www log notifications interval 300 (hitcnt=15984) 0xaa16b346
access-list outside_access_in line 82 extended permit tcp object-group ext_whitelist host nagios eq https log notifications interval 300 (hitcnt=5922) 0xd0afeb92
firewall#
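The ACL filter above, carried over to a script (an added example, not code from the original article): it emulates the "| inc" filter with Python's re module, then parses the matching entries into fields for review. The names include, ACE and audit, and the ACL entries for lines 90 and 95, are constructed for illustration; the field layout is assumed from the two sample lines shown above.

```python
import re

# Lines 26 and 82 are the article's sample output; lines 90 and 95 are constructed.
ACL_OUTPUT = """\
access-list outside_access_in line 26 extended permit tcp any host webserver eq www log notifications interval 300 (hitcnt=15984) 0xaa16b346
access-list outside_access_in line 82 extended permit tcp object-group ext_whitelist host nagios eq https log notifications interval 300 (hitcnt=5922) 0xd0afeb92
access-list outside_access_in line 90 extended permit tcp any host webserver-dev eq ssh (hitcnt=0) 0x00000000
access-list outside_access_in line 95 extended deny ip any host mailserver (hitcnt=12) 0x00000000
"""

def include(output, pattern):
    """Emulate the CLI `| inc` filter: keep lines the pattern matches anywhere."""
    rx = re.compile(pattern)
    return [line for line in output.splitlines() if rx.search(line)]

# Field layout assumed from the sample lines above, not a full ASA grammar.
ACE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended "
    r"(?P<action>permit|deny) (?P<proto>\S+) (?P<src>.+?) "
    r"host (?P<dst>[\w-]+)(?: eq (?P<port>\S+))?"
    r".*\(hitcnt=(?P<hits>\d+)\)"
)

def audit(output, hosts):
    """Return parsed entries whose destination is exactly one of `hosts`."""
    # Same shape as the article's pattern: host.(nagios|webserver)
    pattern = "host.(" + "|".join(re.escape(h) for h in hosts) + ")"
    entries = []
    for line in include(output, pattern):
        m = ACE.search(line)
        # The unanchored filter also passes "webserver-dev"; compare the
        # captured destination exactly to drop such near-misses.
        if m and m["dst"] in hosts:
            entry = m.groupdict()
            entry["line"], entry["hits"] = int(entry["line"]), int(entry["hits"])
            entries.append(entry)
    return entries

if __name__ == "__main__":
    for e in audit(ACL_OUTPUT, ["nagios", "webserver"]):
        print(e["line"], e["action"], e["proto"], e["src"], "->", e["dst"], e["port"], e["hits"])
```

The filter alone returns three lines here because the pattern is a substring match; the exact comparison on the captured destination keeps only the entries for nagios and webserver.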
Conclusion
I hope you have found this brief introduction to regex useful. I certainly find regular expressions useful in many aspects of my work. Above all else, they mean I can find information faster, or use them in scripts to make my work easier.
If you’d like to know more, make sure you visit the excellent website http://www.regular-expressions.info/ and follow @regextip on Twitter.
And of course, once you get used to using regex every day, this will become one of your favourite XKCD comics: http://xkcd.com/208/