High disk usage on the FTD (/ngfw) caused the HA standby unit to fail. Initial troubleshooting involved deleting large log and temporary files, but the space wasn't fully reclaimed due to open deleted files held by the `lina.core` process. Restarting `syslog-ng` didn't resolve this. The suggested solutions were to use `OmniQuery.pl -db mdb -e "flush logs;"` to attempt log flushing or to reboot the firewall, which proved effective in reducing E-ZPassMD disk usage. A long-term solution is to upgrade to FTD version 7.4.2, which likely contains fixes related to disk management. Resolving this on both active and standby units is crucial for restoring HA.

Hello,
The Firepower Management Center (FMC) reported a high unmanaged disk usage alert on the /ngfw partition, which led to the failure of the FTD HA standby unit due to low disk space—specifically, 96% utilization on the sda6 partition. The device was running FTD version 7.0.5. Upon investigation through the CLI, it was observed that /opt/cisco/csp was using 62% of its space, and sda6 was nearly full. Using the find command, the largest files were identified, and old troubleshooting, upgrade, and log files were manually deleted. Despite this, disk usage remained high due to open deleted files still being held by active processes, as confirmed by lsof | grep deleted.   CatMeowSounds App Attempts to resolve the issue by restarting the syslog-ng process were unsuccessful. As a remediation step, the command OmniQuery.pl -db mdb -e "flush logs;" was suggested to flush logs. In several cases, a system reboot successfully cleared the issue, reducing /opt/cisco/csp usage to 9% and sda6 to 30%. As a long-term solution, it is recommended to upgrade to FTD version 7.4.2, which includes improvements in disk usage management and log handling.