Re: Disk usage issue on Cisco Firepower

alejandrolopezlext · ‎08-01-2020

I have low space in file system /var/ en my cisco firepower sensor, I validated files with big weight and I found a file in path /var/sf/detection_engines that takes a lot of space (110G):

root@SFNGIPSB:/var/sf/detection_engines# du -sh *

110G 5b63061c-a756-11e8-8842-8a7aff71b588

116M 5b6dd3b2-a756-11e8-8842-8a7aff71b588

116M 5b6ed564-a756-11e8-8842-8a7aff71b588

@ciscoCommunity Can I delete this file?

Marvin Rhoads · ‎08-01-2020

Older detection engine folders may be deleted. Make sure it's not the one associated with your current policy.

Mohammed al Baqari · ‎08-02-2020

alejandrolopezlext · ‎08-03-2020

Effectively, engine folder with high weight is the one associated with my current policy , the next files have huge weight:

root@SFNGIPSB:/var/sf/detection_engines/5b63061c-a756-11e8-8842-8a7aff71b588# du -sh *

32G instance-1
19G instance-2
14G instance-3
14G instance-4
14G instance-5
18G instance-6

what can I do to free up space?

Mohammed al Baqari · ‎08-03-2020

I suggest to contact tac to get their confirmation before deleting files.
You don't want to get this wrong.

**** please remember to rate useful posts

alejandrolopezlext · ‎08-03-2020

@Marvin Rhoads Effectively, engine folder with high weight is the one associated with my current policy , the next files have huge weight:

root@SFNGIPSB:/var/sf/detection_engines/5b63061c-a756-11e8-8842-8a7aff71b588# du -sh *

32G instance-1
19G instance-2
14G instance-3
14G instance-4
14G instance-5
18G instance-6

what can I do to free up space?

Marvin Rhoads · ‎08-03-2020

I agree with @Mohammed al Baqari to check with TAC first. They should confirm you can delete the old detection engine files.