×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Network Automation 8.8 ... Using Managing configuration compliance

Testing rules

Before you enable a rule set, you should test each rule to ensure that the rule set will function as expected. This topic describes the rule test methods that BMC recommends.

The first method for testing your rules is to use the Compliance Summary Report and its Failed and View Trace links. See the View Trace example section in the Viewing a Compliance Summary report page.

The Failed link shows the current configuration compared with the compliant configuration. The compliant configuration contains the additions and deletions that BMC Network Automation made according to the rule. Review the changes to verify that they are done in the correct location.

The View Trace shows exactly how BMC Network Automation applies the rule to the configuration. Review the Corrections section towards the bottom and verify that the corrections are what you expect and where you expect them; closely examine the blocks to ensure that the corrections made to the blocks were actually made inside those blocks. Use the line coloring in the report to help you understand where the system located the domain(s) of interest and any matching subject lines.

As a final test, create a job that performs a Deploy to Active action that remediates with the new rule set. Use the Scripts icon in the Actions list to display the incremental merge scripts page, and click through the devices. Review the incremental merge script, especially when multiple rules are involved, since they can interact in unexpected ways. Some basic conflicts between corrections are reported to you here (for example, rule 1 adds a line, which rule 2 then removes). You can discard the job once the review is complete, or save it as draft, if you need to rework the rules and re-test them.

When all rules are functioning correctly, follow these steps to perform an initial compliance check:

  1. Enable the rule set, as seen in Viewing the rule sets listing.
  2. Submit a Refresh Device Status span action with Compliance Violation Status checked. The refresh performs a compliance check on the current configurations. See Refreshing the status of a device.

Thereafter, BMC Network Automation performs a compliance audit when it detects a change in any configuration. Compliance violations are displayed on the Dashboard and logged to the Event Log. You can also view compliance violations from the Compliance Summary report, or by running a Compliance Status action in a job.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sulekha Gulati on Dec 16, 2015
rule_set rules testing best_practices recommendations contributor-updated

Comments

Log in or register to comment.

Exporting rules
Managing policies
© Copyright 2013 - 2016 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.