Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1466
Views
5
Helpful
3
Replies

Disk space issue in Firepower 9300 module

Chess Norris
Level 4
Level 4

‎02-12-2019 02:08 AM - edited ‎03-12-2019 07:17 AM

I just starting to get disk space alarms from FMC about one of our firepower 9300 modules running version 6.2.3

I can see that there is two specific folders called detection_engines that can be found under /ngfw/var/sf/ and under /ngfw/volume/6.2.3/sf/  

Those folders are about 40 Gig each and contain sub folders named instance-1, Instance-2, etc. and each of those folders contain thousands of files with names like unified_events-1.log and unified_stats.1533299968.

Anyone know what those files are and what can be removed? I tried to do a cat on one of the log files, but they seam to be binary files.

 

Thanks in advance

/Jörgen

Labels:
0 Helpful
3 Replies 3

matty-boy
Level 1
Level 1

‎02-12-2019 03:32 AM

Hello,

This could be related to an issue I've seen in the past where the disk manager process stops and needs to be restarted.
For us, there was no easy, permanent fix, just the workaround below. We don’t know why the issue only affects one 2140 but it does. Apparently it's a known bug and is fixed in version 6.3.

 

The process that works for us is as follows:-

1. SSH to the firewall
2. Go into expert mode
3. Make a note of the current disk usage of the /ngfw directory:
firepower:/$ df -h /ngfw
4. Restart the diskmanager process:
firepower:/$ sudo pmtool restartbyid diskmanager (enter the password if prompted)
5. Wait a few minutes, then check the disk usage of the /ngfw directory again:
firepower:/$ df -h /ngfw

 

You should notice the disk usage is now reduced.
The alarm in the FMC should disappear after a short while.

 

Hope this helps,
Matt.

Chess Norris
Level 4
Level 4
In response to matty-boy

‎02-12-2019 03:40 AM

Thank you for the reply.  I will try restarting the disk manager. Do you happen to have the bug id for this issue?

 

Thanks

/Jörgen

0 Helpful

matty-boy
Level 1
Level 1
In response to Chess Norris

‎02-12-2019 03:58 AM

The TAC engineer we worked with pointed us at this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz28594

 

Although that doesn't appear to mention the workaround that TAC provided to us directly.

 

HTH,

Matt.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card