Solved: FirePower error messages - Cisco Community

2794

Views

0

Helpful

7

Replies

Dears,

We are having alot of error messages displayed on our firepower 8350 device , 20 errors are being sent at one second almost every 20 second

"Jul 25 12:58:11 xxxxxxxxxxx SF-IMS[28034]: Unable to connect to UNIX socket at /var/sf/run/sfha.sock: No such file or directory"

could you please advise what is the cause of this issue ?

appreciate to share your experience and thoughts,

Thanks,

1 Accepted Solution

Accepted Solutions

Hello Muayad,

Is it a hardware sensor ? Are you getting any health alerts for this sensor ?

What is the software version and hardware model that is in use ? Is the sensors are configured as cluster ?

Any failover happened ?

Regards

Jetsy

View solution in original post

7 Replies 7

This sort of low level error message is best sorted out by opening a TAC case.

You don't by any chance have a high availability configuration configured on your Firepower Management Center do you?

Actually yes, we have HA configured between FMC's abd its working fine at the moment.

However, this message is displayed on one of the sensors that are managed by FMCs.

Hello Muayad,

Is it a hardware sensor ? Are you getting any health alerts for this sensor ?

What is the software version and hardware model that is in use ? Is the sensors are configured as cluster ?

Any failover happened ?

Regards

Jetsy

Hello Jetsy,

The hardware is FPR8350 with software 6.1.0.2 ... the health alerts indicate a disk usage issue which reached 95% right now. . the sensor is a standalone. failover is working fine and no failover happened.

Best Regards,

Muayad Jallad,

Hello Muayad,

Please remove the old backup files and old upgrade patch files if there are any. If you need assistance in those then contact the TAC and they will help you in clearing the disk usage issues.

For the error that you mentioned in the first message , is the policy apply is happening successfully for this sensor ?

Regards

Jetsy

Hi Jetsy,

We already removed all the files that we suspected to fill the disk space. However, the disk usage error returned again.

Regarding the other error , yes the policy apply is successful on this sensor with no errors and the policy is working on this sensor.

Best Regards,

Muayad Jallad,

Hello Muayad

What is the following output shows from the Firepower CLI ?

admin@123# df -h

If the threshold is fine , then the alert can be a false alarm as well.

I am just providing you a bug which I have recently worked on.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf34107/?reffering_site=dumpcr

Apart from the disk usage , if the policy apply works fine and no any health alerts existing then the status of the sensor should be fine.

You can also check if any services are down in the sensor using the following command.

admin@123# pmtool status |grep -i down

Rate if this answer helps.

Regards

Jetsy

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card