Cisco ASA 5508 FTD Image - /dev/mapper/var

pgiouvanellis · ‎02-05-2019

Hello Everyone ,

We have an implementation with a single Cisco ASA 5508 with FTD Image managed by Firwpower Device Manager ( FDM) and we have notice that when we logged in the ASA and import the command "show disks " we

see that the " /dev/mapper/var " directory is getting bigger an bigger with time passing , about 1-2 GB per day .

In past we have faced a problem with this ASA and the problem was the same ,

the specific partition of disk was full , was 100% .

So we re-image ASA and restore the config .I believe we starting facing the same problem .

The FTD Image we use is 6.2.9 .

Please if anyone knows what is store on this partition or what we can to to not to getting bigger please advice .

Thank You ,

Palaiologos

ipo.peniel_rg · ‎07-11-2021

you managed to fix this? I have the same issue on my device.

Marvin Rhoads · ‎07-11-2021

There are numerous resolved bugs specific to high disk usage in releases following the 6.2.3.9 release the original poster mentioned (taking into account they incorrectly cited 6.2.9 which is not a valid release number).

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/623x/relnotes/Firepower_Release_Notes_623x/resolved_issues.html

@ipo.peniel_rg what release are you running?

ipo.peniel_rg · ‎07-11-2021

hello Sir,

PLease find below is my issue. FTD version 6.3.0

My firewall Device Disk is Full and cannot access FDM on browser. See details and pigtail below:

> show disk

Filesystem Size Used Avail Use% Mounted on

devtmpfs 3.8G 18M 3.8G 1% /dev

tmpfs 3.9G 476K 3.9G 1% /run

tmpfs 3.9G 92K 3.9G 1% /var/volatile

/dev/sdb1 6.9G 144M 6.8G 3% /mnt/disk0

/dev/mapper/root 3.8G 560M 3.1G 16% /ngfw

/dev/mapper/var 80G 79G 0 100% /home

tmpfs 3.9G 0 3.9G 0% /dev/cgroups

> show disk-manager

No connection to /ngfw/var/sf/run/diskmanager.sock - Accept queue is full? at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/MessageSocket.pm line 1057.

Disk Utilization not available.

MySQLDatastore [WARN] MySQLDatastore.c:639:Connect(): Trying to connect to database server after error 2002: Can't connect to local MySQL server through socket '/ngfw/var/run/mysql/mysql.sock' (111)

HTTP: 06-26 23:58:48 .933895 2021] [log_config:warn] [pid 2898:tid 47728810612480] (28)No space left on device: [client 192.168.45.47:1050] AH00646: Error writing to /ngfw/var/log/httpd/httpsd_access_log

HTTP: 06-26 23:58:54 .575687 2021] [log_config:warn] [pid 2898:tid 47728789600000] (28)No space left on device: [client 192.168.45.47:1073] AH00646: Error writing to /ngfw/var/log/httpd/httpsd_access_log

HTTP: 06-26 23:59:08 .302089 2021] [log_config:warn] [pid 2898:tid 47728806409984] (28)No space left on device: [client 192.168.45.47:1096] AH00646: Error writing to /ngfw/var/log/httpd/httpsd_access_log

HTTP: 06-27 00:29:27 .085480 2021] [log_config:warn] [pid 2898:tid 47728802207488] (28)No space left on device: [client 192.168.45.47:29662] AH00646: Error writing to /ngfw/var/log/httpd/httpsd_access_log

HTTP: 06-27 00:35:32 .309509 2021] [log_config:warn] [pid 2898:tid 47728798004992] (28)No space left on device: [client 192.168.45.4

show_inventory_all -1288000592

Name: "Chassis", DESCR: "ASA 5516-X with FirePOWER services, 8GE, AC, DES"

PID: ASA5516 , VID: V06 , SN: JMX2033Y1RQ

Name: "Storage Device 1", DESCR: "ASA 5516-X SSD"

PID: ASA5516-SSD , VID: N/A , SN: MSA203003UC

ipo.peniel_rg · ‎07-11-2021

FTD 6.3.0

Marvin Rhoads · ‎07-12-2021

Similar to the original poster, 6.3.0 has several subsequent patches that resolve a couple of disk utilization issues:

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/630x/relnotes/firepower-release-notes-630x/resolved-issues.html

Is your system in production use or a lab? If it's in a lab, I would reimage it with a more current version and start from there. If it is in production, you might need to open a TAC case to assist cleaning up the disk prior to getting access to FDM so that you can upgrade or patch.