Hi Jesty,

Correct me if I'm wrong.

So under the FMC terminal.

sudo su -- for root user

then " pmtool status |grep SFTop10Cacher " will check the status.

What should I be expecting under the status? and what should I check?

Then this command " pmtool restartbyid SFTop10Cacher " is to restart the service of FMC.

Not the FMC itself right?

I'll get back to you once I have completed this procedure.

Thank you!

Kind regards,

Enrico

Hello Romero,

Login to the ssh of the Firesight Management Center.

admin@123 # sudo su  -

Enter the root password.

root@123 # pmtool status SFTop10Cacher

Verify that the status of the service is running.

This service plays a key role in dashboard data generation.Thus we need to restart this specific service. Restarting this service wont affect any other service in Firesight and it also wont restart the device.

root@123 # pmtool restartbyid SFTop10Cacher

The service will be restarted. After restarting , verify the status of the service once again.

root@123 # pmtool status SFTop10Cacher

Let me know if you have any questions.

Rate if the post helps you.

Regards

Jetsy 

Hi Jetsy,

Thank you so much for these information.

I will definitely give you feedback or I'll message again if I have any questions.

Kind regards,

Enrico

Hi ,

If the module is in disabled state , we might need to restart some services or we might need to even delete the module from FMC and re add it again.

Regards,

Aastha Bhardwaj

Rate if that helps!!!

Hi Guys,

I've done the following procedures:

>> Remove the registered Device under the FMC.

>> Removed the managers under SFR module.

>> Rebooted both SFR and FMC.

>> Applied managers and Device.

>> Reapplied the policies and others.

Traffic was seen however it was just for a short period of time (from 10:42am to 11:07am).

I've even performed the "pmtool status SFTop10Cacher" and "pmtool restartbyid SFTop10Cacher", but currently not showing any data.

Addition to, the SFR module is running on 5.4.1-211 and while the FMC is on 5.4.1.1.

Please see attached images for reference.

I'm really confused on what is going on.

PS:

I have clicked the download updates under the screenshot16.jpg and I got a software version of 5.4.1.7-23. Should I install that update?

Thanks in advance.

Kind regards,

Enrico

Hello Team,

You can upgrade the FMC to the latest version of 5.4.1.7 .To update to Version 5.4.1.7, a Defense Center must be running at least Version 5.4. and thus you can easily upgrade the FMC. Please refer the release notes for any other queries regards with the upgrade.

http://www.cisco.com/c/en/us/td/docs/security/firesight/5408/relnotes/FireSIGHT-System-Release-Notes-version5408-and-5417.html#pgfId-631211

Regards

Jetsy 

Hello Enrico,

As last try you can gracefully reboot the system after above workarounds. If its still doesnt change, you can re-register the Firepower to the Firesight.

Rate and mark correct if the post helps you

Regards

Jetsy 

Hi Jesty,

By the means of reboot the system. Meaning restart the SFR and also the FMC?

Re-registering the Firepower to the Firesight process is deleting the registered device and creating a new manager under the SFR module then adding the device again under the FMC? is that right?

I'm just really new to this Cisco ASA so please bear with me.

Thanks in advance!

Kind regards,

Enrico

Hi Jesty,

Good day!

Sorry it took so long.

I've followed your instructions about the "pmtool status SFTop10Cacher" and "pmtool restartbyid SFTop10Cacher".

It did not work, we even waited for more than an hour.

Previously the FMC was showing data but it stopped when the SFR was restarted.

Please see images for your reference. This was just taken today after the procedure.

The module status summary of the 172.16.28.2 (SFR module IP) is currently disabled.

How can we fix this?