I have an ASA running sourcefire. Recently I noticed that the sourcefire module is showing as unresponsive and not functioning properly. After logging into the system I noticed that /var is 100% full. However if I run the following command "sudo du -shc /var/*" I am shown only 38G in use. I performed a reload of the ASA but am still showing the same discrepancy of disk usage. Anyone know where I can locate the other 22G of files so I can cleanup the system and get SFR running again?
> show disk
Filesystem Size Used Avail Use% Mounted on
/dev/root 3.7G 971M 2.5G 28% /
devtmpfs 1.7G 80K 1.7G 1% /dev
/dev/sda1 88M 21M 62M 26% /boot
/dev/vda7 65G 62G 0 100% /var
none 1.8G 5.7M 1.7G 1% /dev/shm
tmpfs 1.8G 0 1.8G 0% /dev/cgroups
sudo du -shc /var/*
here is most space used follow below thread :
I wasn't able to find any files that I could remove in the directories linked above. However the folder /var/sf/SRU/ shows up as being 21G and contains files like: Cisco_Firepower_SRU-2018-09-20-002-vrt.sh.REL.tar. These files range from 09/2018 to 06/2021 and are roughly 100M to 150M each.
Can I remove all of these files except for the latest one or are they all needed?
the SRU are Sourcefire Rule Updates. I would assume that these files are safe to remove as they are .tar and .sh which are typically used to install the updates. But I would recommend checking with Cisco / TAC before removing them to be sure that they aren't in use.
After clearing the files (20G worth) our sourcefire module is now showing as up, however isn't fully working. After logging back in I am getting this message: The cisco 6.6.4 upgrade has halted, status: [22%] Fatal error: error running script 300_os/070_setup_Partition.sh. For more details see /var/log/sf/Cisco_Network_Sensor_Upgrade-6.6.4/300_os/070_Setup_partition.sh.log on the device being upgraded. If log files indicate upgrade failure and failure condition has been fixed, upgrade can be resume by running 'upgrade_resume.sh'.
I don't seem to be able to locate the upgrade_resume.sh script. Can anyone point me where this would exist?