2.2.1 SonicWall NSA - Ignored Data Filter not functioning

Unimus support forum
Post Reply
amperages
Posts: 1
Joined: Fri Mar 11, 2022 2:35 pm

Fri Mar 11, 2022 2:42 pm

Due to notifications of configuration changes, I'm receiving emails stating a temporary accounts lifetime (due to an expiration time of N days is set) the configuration will change each night:

Code: Select all

5503	5503		password 4,<-filtered->
5504	5504		no force-password-change
5505	 	-	account-lifetime 306 days
 	5505	+	account-lifetime 305 days
5506	5506		expiration 2023:01:10 12:43
5507	5507		no prune-on-expiry
I've added an Ignored data filter that applies to this device:

Code: Select all

Name                Condition            Text	
Account Lifetime    Line starts with     account-lifetime
...but I'm still receiving the notification that the configuration has changed due to this account lifetime modified by SonicOS itself.

I've seen some other posts on here with regards to regex, but this isn't regex (I don't think?) as I've specified with Unimus that this occurs at the beginning of the line and not to search and ignore with a regex pattern.
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Fri Mar 11, 2022 3:06 pm

Hello,

It is possible the actual lines in the backup have some amount of whitespaces in front of the string, e.g. it could be indented. This wouldn't be currently visible when showing a diff (such whitespaces are truncated, we will change this behavior in the future), but if you view your backup, you should see if there are any leading whitespaces. If that'd be the case, regex would be able to account for such occurrence, e.g. this regex

(?m)^.*account-lifetime.*$

so you should see

<-filtered->

instead of

account-lifetime 306 days

This change will show even with already existing backups in the system if you check the diff, otherwise manually back up a device or wait for the next scheduled run.
If you find that there are actually no whitespaces before that string in the backup, then I would recommend checking if the filter is applied to correct devices.

Let me know what you find out.
Post Reply