Network Configuration Search Engine - rConfig V8

Configuration Search: Find Anything, Fast

Need to find all devices with a specific SNMP community? Want to identify which routers have a particular ACL? Looking for devices still using deprecated NTP servers? Configuration Search sweeps through thousands of configuration backup files in seconds, delivering precise results without manual grep commands or file-by-file reviews.

---

Why Configuration Search Matters

Compliance Auditing

Auditor asks: “Which devices have SNMP community ‘public’?” Run a search, get the list in seconds. Export results, attach to audit report. Done.

Security Investigations

Security team reports: “IP 10.0.0.50 may be compromised—what devices reference it?” Search for the IP across all configs. Identify affected devices immediately.

Change Impact Analysis

Planning to decommission NTP server 192.168.1.10? Search for it across all devices to understand scope before making changes.

Configuration Standardization

Deployed a new logging server via configuration snippets. Which devices aren’t configured for it yet? Search for the new server IP, compare against device inventory, identify gaps.

Troubleshooting

Network behavior changed. What configs reference the subnet where issues are occurring? Search narrows the investigation scope from hundreds of devices to the relevant few. Use Change Pulse for real-time change analysis.

---

How Configuration Search Works

rConfig’s search engine uses an optimized algorithm to sweep through configuration files rapidly. Unlike basic grep, it understands rConfig’s configuration backup file structure and can filter by device attributes, commands, and time ranges.

Search capabilities:

• Text search: Find literal strings (case-sensitive or insensitive)
• Regex search: Use regular expressions for pattern matching
• Command filtering: Search only specific command outputs
• Category filtering: Limit scope to device categories
• Historical search: Search all versions or just latest configs
• Context lines: Show surrounding lines for each match

Performance: Searches complete in seconds for typical deployments (hundreds of devices, thousands of configs). Larger historical searches may take longer depending on file quantity.

---

Accessing Configuration Search

Navigate to Config Tools → Config Search

---

Search Interface Breakdown

1. Select Command (Optional)

Purpose: Filter search to specific command outputs only.

Example: Select show run to search only running configurations, ignoring show version and other command outputs.

Use case: When you know the configuration element you’re searching for appears in a specific command output.

Default: If not selected, searches all commands for all devices in the category.

2. Search String (Required)

Purpose: The text or regex pattern to search for.

Text search examples:

• snmp-server community public - Find SNMP community configuration
• ntp server 192.168.1.10 - Find NTP server references
• access-list 100 - Find specific ACL
• interface GigabitEthernet0/1 - Find interface configuration

Regex search examples:

• ntp server \d+\.\d+\.\d+\.\d+ - Find any NTP server IP
• snmp-server community \S+ - Find any SNMP community string
• ^interface (Gigabit|TenGigabit) - Find gigabit and ten-gigabit interfaces
• access-list (10|20|30) - Find specific ACL numbers

3. Command Group (Required)

Purpose: Select which device category to search within.

Example: Select “Core Routers” to search only core router configs, not switches or firewalls.

Use case: Narrow search scope when you know which device types contain the configuration you’re looking for.

Why required: Prevents accidental searches across entire infrastructure when you only need a subset. Improves performance.

4. Case Sensitive (Optional)

Purpose: Control whether search is case-sensitive.

Default: Case-insensitive (disabled)

• router matches router, Router, ROUTER

When to enable:

• Searching for variables or identifiers where case matters
• Distinguishing between Router (hostname) and router (command)
• Exact pattern matching requirements

5. Search Latest Only (Optional)

Purpose: Control whether to search only the most recent configs or all historical versions.

Default: Enabled (search latest configs only)

• Fastest search option
• Returns current state of devices
• Best for operational queries

When to disable (search all history):

• Investigating when a configuration element was added/removed
• Compliance audits requiring historical evidence
• Forensic analysis of configuration drift over time

Warning: Searching all historical configs can take significant time depending on:

• Number of devices in category
• Backup frequency (daily backups = more files than weekly)
• Retention period (90 days vs. 1 year of history)
• Total file quantity

Searches across large historical datasets may cause the page to hang while processing. Use with caution in large environments.

6. Context Lines (Optional)

Purpose: Show N lines before and after each match for context.

Options:

• 0 lines (default) - Show only matching lines
• 1-10 lines - Show surrounding context

Example with 3 context lines:

interface GigabitEthernet0/0
 description Uplink to Core
 ip address 10.0.0.1 255.255.255.0    ← Match
 ip access-group 100 in
 no shutdown

Use case: Understanding what surrounds a matched configuration element—interface settings, ACL rules, routing protocol context.

---

Running a Search

Basic Search Workflow

1. Select Command (optional): Choose specific command like show run
2. Enter Search String: Type text or regex pattern
3. Select Command Group: Choose device category
4. Configure Options:
   • Case sensitivity (default: insensitive)
   • Latest only (default: enabled)
   • Context lines (default: 0)
5. Click Search
6. Review Results: Matching devices and lines displayed

Search Results Display

Results include:

• Device name
• Configuration file path
• Matched lines with highlighting
• Context lines (if enabled)
• Total match count per device
• Link to view full configuration

Result actions:

• Click device name to view device details
• Click config file link to open full configuration in Monaco Editor
• Export results to CSV for offline analysis
• Copy matched content to clipboard
• Use results with configuration diff analysis

---

Search Examples

Example 1: Find All Devices with Specific SNMP Community

Goal: Identify devices using SNMP community “public”

Configuration:

• Command: show run
• Search String: snmp-server community public
• Command Group: All Devices
• Case Sensitive: Disabled
• Latest Only: Enabled
• Context Lines: 2

Use case: Security audit requires removing default SNMP communities.

Example 2: Find Devices with Specific NTP Server

Goal: Which devices still use deprecated NTP server 192.168.1.10?

Configuration:

• Command: show run
• Search String: ntp server 192.168.1.10
• Command Group: Core Network
• Case Sensitive: Disabled
• Latest Only: Enabled
• Context Lines: 0

Use case: Planning NTP server migration, need device inventory.

Example 3: Find All ACLs Containing Specific Network

Goal: Find ACLs referencing network 10.50.0.0/16

Configuration:

• Command: show run
• Search String: 10\.50\. (regex)
• Command Group: Firewalls
• Case Sensitive: Disabled
• Latest Only: Enabled
• Context Lines: 5

Use case: Network decommissioning requires ACL cleanup.

Example 4: Historical Search - When Was BGP Neighbor Added?

Goal: Determine when BGP neighbor 10.0.0.5 was added to configs

Configuration:

• Command: show run
• Search String: neighbor 10.0.0.5
• Command Group: Core Routers
• Case Sensitive: Disabled
• Latest Only: Disabled (search all history)
• Context Lines: 3

Use case: Troubleshooting routing issues by understanding when neighbor was configured.

Example 5: Regex - Find All Interfaces with VLANs

Goal: Find all interface configurations with VLAN assignments

Configuration:

• Command: show run
• Search String: switchport access vlan \d+ (regex)
• Command Group: Access Switches
• Case Sensitive: Disabled
• Latest Only: Enabled
• Context Lines: 5

Use case: VLAN audit across access layer.

---

Regular Expression Support

Configuration Search supports full regex patterns for advanced matching. Use regex when:

• Searching for patterns, not literal text
• Need wildcards or character classes
• Matching multiple variations

Regex Basics

Pattern	Meaning	Example
.	Any character	192.168.1.. matches 192.168.1.1 through 192.168.1.99
*	Zero or more	router.*ospf matches router ospf, router eigrp ospf
+	One or more	\d+ matches 1, 123, 999
?	Zero or one	https? matches http or https
\d	Any digit	vlan \d+ matches vlan 10, vlan 100
\s	Whitespace	ip\s+address matches ip address, ip address
^	Start of line	^interface matches lines starting with “interface”
$	End of line	shutdown$ matches lines ending with “shutdown”
[]	Character class	[Gg]igabit matches Gigabit or gigabit
|	OR	(Gigabit|TenGigabit) matches either

Regex Examples

Find any IP address:

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

Find interfaces with specific names:

^interface (GigabitEthernet|TenGigabitEthernet)\d+/\d+

Find SNMP with any community:

snmp-server community \S+

Find access-lists 10-99 (standard ACLs):

access-list [1-9][0-9]?

Find BGP AS numbers:

router bgp \d+

Regex resources:

• RegExp Cheat Sheet
• regex101.com - Test patterns before searching
• RegExr - Another testing tool with documentation

---

Best Practices

Start Simple, Add Complexity

Begin with literal text searches. Add regex only when needed for pattern matching.

Example progression:

1. Search: ntp server (find all NTP config)
2. Search: ntp server 192.168 (narrow to specific subnet)
3. Search: ntp server 192\.168\.\d+\.\d+ (regex for any IP in subnet)

Use Command Filtering

Searching show run is faster than searching all commands. If you know where the config element appears, filter by command.

Enable Context for Troubleshooting

When investigating issues, enable 3-5 context lines to understand surrounding configuration.

Disable “Latest Only” Sparingly

Historical searches are powerful but slow. Only disable “Latest Only” when you specifically need historical data.

Export Results for Documentation

After searching, export results to CSV for:

• Audit reports
• Change documentation
• Sharing with team members
• Offline analysis in Excel/spreadsheet tools

Test Regex Patterns

Before running complex regex searches across hundreds of devices, test patterns on regex101.com with sample config text.

---

Troubleshooting

Search Returns No Results

Possible causes:

1. Typo in search string: Verify spelling
2. Wrong command group: Check if devices in that category have the config element
3. Case sensitivity enabled: Disable if unsure about case
4. Regex syntax error: Test regex in regex101.com first
5. Config element doesn’t exist: May have been removed in recent backup

Solution: Broaden search—try fewer keywords, disable case sensitivity, search all commands.

Search Takes Too Long

Possible causes:

1. “Latest Only” disabled: Searching all history is slow
2. Large command group: Hundreds of devices with daily backups = thousands of files
3. Complex regex: Inefficient patterns cause backtracking

Solutions:

• Enable “Latest Only” if historical data not needed
• Search smaller command groups
• Simplify regex patterns
• Be patient—large searches may take 30-60 seconds

Page Hangs During Search

Possible causes:

1. Historical search across too many files
2. Browser timeout
3. Server resource constraints

Solutions:

• Refresh page and enable “Latest Only”
• Search smaller device categories
• Run search during off-peak hours
• Contact rConfig support if persistent

Regex Not Matching

Possible causes:

1. Regex syntax error
2. Special characters not escaped
3. Case sensitivity issue
4. Pattern doesn’t match actual config format

Solutions:

• Test pattern in regex101.com with real config sample
• Escape special characters: . becomes \.
• Disable case sensitivity
• View actual config to verify pattern accuracy

---

Use Cases in Production

Security Compliance

Scenario: Quarterly audit requires proof that no devices use default SNMP community “public”.

Search:

• Search String: snmp-server community public
• Command Group: All Devices
• Latest Only: Enabled

Result: Zero matches = compliance. Non-zero = remediation list.

Change Planning

Scenario: Migrating from NTP server 10.0.0.5 to 10.0.0.10.

Search:

• Search String: ntp server 10\.0\.0\.5
• Command Group: All Devices
• Latest Only: Enabled

Result: List of 47 devices requiring NTP config updates. Export to change ticket.

Incident Response

Scenario: Suspected unauthorized access from IP 203.0.113.50.

Search:

• Search String: 203\.0\.113\.50
• Command Group: All Devices
• Latest Only: Enabled
• Context Lines: 10

Result: Found in ACL on 3 firewalls. Context shows ACL permits this IP. Cross-reference with configuration diff analysis to see when ACL was added.

Configuration Standardization

Scenario: Corporate policy requires all devices log to syslog server 10.1.1.100.

Search:

• Search String: logging host 10\.1\.1\.100
• Command Group: All Devices
• Latest Only: Enabled

Result: 80 of 120 devices configured correctly. 40 need remediation via configuration snippets.

---

Related Documentation

• Configuration Diffs - Compare configuration versions
• Configuration Backup Implementation - How configs are captured
• Config Editor - Viewing and editing configurations
• Change Pulse - Real-time configuration change monitoring

---

Quick Reference

Search Field Summary

Field	Required	Default	Purpose
Command	No	All commands	Filter to specific command output
Search String	Yes	-	Text or regex to find
Command Group	Yes	-	Device category to search
Case Sensitive	No	Disabled	Match case exactly
Latest Only	No	Enabled	Search only recent configs
Context Lines	No	0	Lines before/after match

Common Search Patterns

Goal	Search String
Find SNMP community	snmp-server community \S+
Find NTP servers	ntp server \d+\.\d+\.\d+\.\d+
Find BGP neighbors	neighbor \d+\.\d+\.\d+\.\d+ remote-as
Find ACLs	access-list \d+
Find VLANs	switchport access vlan \d+
Find interfaces	^interface \S+
Find logging hosts	logging host