rConfig - Policy compliance

5 mins V7 Pro

The Policy Compliance page shows the compliance for the Policy Assignments you have configured and already run against devices.

Main View

Important Notice: Optimized Report Retrieval Update

We’ve reengineered how reports are retrieved from the database to improve performance with larger data sets. For users prior to v7.2.6, please run the provided PHP Artisan command to update existing reports for faster loading. Follow the instructions here. Be patient while the data updates.

The Policy Compliance main view gives us high level statistics about the compliance for the Policy Assignments you have configured. The individual items in the main view are a list of compliance items for the Policy Assignments you have configured. We can expand each item to see the compliance results for the assignment. The following is a screenshot of the main view:

Policy Compliance main view - expanded view

We can click the ‘View Details’ button to see the detailed compliance results for the assignment. And we can edit the assignment by clicking the ‘Edit Assignment’ button. When viewing the detailed results, we can see compliance results for each device in the assignment. We can expand the results for each device by clicking the expand icon in the main view, and click ‘Show Result Output’ button to view the JSON results form the last time the compliance assessment was run against the device.

Policy Compliance details - expanded view

The detailed result output is essentially a copy of the actual JSON Policy Definition file with an extra key/value pair. That is the “result Output” key/value pair. The values are either “true”, “false” or “NOT EVALUATED - CONFIG NOT FOUND”.

Successful Policy Output

{
  "0": {
    "policyMethod": "must_match_single_string",
    "comment": "Description: must_match_single_string SNMP Policy",
    "policyString": "snmp-server host 1.1.1.1 TESTCOMMUNITY",
    "result": "pass",
    "resultRaw": true,
    "configId": 9
  },
  "eval_result": "PASS",
  "eval_result_raw": true,
  "eval_result_reason": "All policy methods passed"
}

Take note of the Result. In this case the ‘Result’ is true. Meaning the config for this device had the correct value for the policy.

Missing Config Policy Output

{
  "result": "NOT EVALUATED - CONFIG NOT FOUND"
}

The ‘Result’ value this time says that the config for this device was not found. So double check that the config is downloaded to the device, for the command that was configured in the Policy Assignment.

Failed Policy Output

{
  "0": {
    "policyMethod": "must_match_single_string",
    "comment": "Description: must_match_single_string SNMP Policy",
    "policyString": "snmp-server host 1.1.1.1 TESTCOMMUNITY",
    "result": "pass",
    "resultRaw": true,
    "configId": 9
  },
  "1": {
    "policyMethod": "must_match_single_string",
    "comment": "Description: must_match_single_string SNMP Policy",
    "policyString": "snmp-server host 1.1.1.1 NOTCOMMUNITY",
    "result": "fail",
    "resultRaw": false,
    "configId": 9
  },
  "eval_result": "FAIL",
  "eval_result_raw": false,
  "eval_result_reason": "1 policy methods failed"
}

The ‘Result’ is false this time, meaning the config for this device had the incorrect value for the policy.