07-25-2017 07:46 AM - edited 03-12-2019 06:28 AM
Dears,
We are having alot of error messages displayed on our firepower 8350 device , 20 errors are being sent at one second almost every 20 second
"Jul 25 12:58:11 xxxxxxxxxxx SF-IMS[28034]: Unable to connect to UNIX socket at /var/sf/run/sfha.sock: No such file or directory"
could you please advise what is the cause of this issue ?
appreciate to share your experience and thoughts,
Thanks,
Solved! Go to Solution.
07-25-2017 11:35 PM
Hello Muayad,
Is it a hardware sensor ? Are you getting any health alerts for this sensor ?
What is the software version and hardware model that is in use ? Is the sensors are configured as cluster ?
Any failover happened ?
Regards
Jetsy
07-25-2017 11:14 PM
This sort of low level error message is best sorted out by opening a TAC case.
You don't by any chance have a high availability configuration configured on your Firepower Management Center do you?
07-25-2017 11:27 PM
Actually yes, we have HA configured between FMC's abd its working fine at the moment.
However, this message is displayed on one of the sensors that are managed by FMCs.
07-25-2017 11:35 PM
Hello Muayad,
Is it a hardware sensor ? Are you getting any health alerts for this sensor ?
What is the software version and hardware model that is in use ? Is the sensors are configured as cluster ?
Any failover happened ?
Regards
Jetsy
07-26-2017 06:09 AM
Hello Jetsy,
The hardware is FPR8350 with software 6.1.0.2 ... the health alerts indicate a disk usage issue which reached 95% right now. . the sensor is a standalone. failover is working fine and no failover happened.
Best Regards,
Muayad Jallad,
07-26-2017 06:58 AM
Hello Muayad,
Please remove the old backup files and old upgrade patch files if there are any. If you need assistance in those then contact the TAC and they will help you in clearing the disk usage issues.
For the error that you mentioned in the first message , is the policy apply is happening successfully for this sensor ?
Regards
Jetsy
07-26-2017 07:23 AM
Hi Jetsy,
We already removed all the files that we suspected to fill the disk space. However, the disk usage error returned again.
Regarding the other error , yes the policy apply is successful on this sensor with no errors and the policy is working on this sensor.
Best Regards,
Muayad Jallad,
07-26-2017 07:31 AM
Hello Muayad
What is the following output shows from the Firepower CLI ?
admin@123# df -h
If the threshold is fine , then the alert can be a false alarm as well.
I am just providing you a bug which I have recently worked on.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf34107/?reffering_site=dumpcr
Apart from the disk usage , if the policy apply works fine and no any health alerts existing then the status of the sensor should be fine.
You can also check if any services are down in the sensor using the following command.
admin@123# pmtool status |grep -i down
Rate if this answer helps.
Regards
Jetsy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide