Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
72
Views
0
Helpful
1
Comments

Solution to fix high unmanaged disk usage on /ngfw FTD firewall.

nomair_83
Level 3
Level 3

on ‎04-28-2025 08:18 AM

Symptoms:

FMC is showing high unmanaged disk usage alert on /ngfw.

FTD HA standby unit failed due to low disk space 96% on /ngfw

FTD version 7.0.5

Diagnosis:

Checked the disk utilization on the FTD CLI.

 /opt/cisco/csp was utilizing 62%.

sda6 partition was utilizing 96%

Used below command the list the high disk usage files and later deleted the old troubleshooting files, upgrade files, log files.

find /ngfw -type f -print0 | xargs -0 du -h | sort -rh | head -n 30

Deleted the large file

# rm <filename>


We checked that many open deleted files are still there.

#lsof | grep deleted

 

lina 11138 11309 lina.core root 134u REG 8,6 40630058805 282929123 /opt/cisco/csp/applications/cisco-ftd.6.2.0.362__ftd_001_JAD204802REX6JI9I4/app_data/disk0/log/asa-ssp_ntp.log.1 (deleted)
lina 11138 11310 lina.core root 134u REG 8,6 40630058805 282929123 /opt/cisco/csp/applications/cisco-ftd.6.2.0.362__ftd_001_JAD204802REX6JI9I4/app_data/disk0/log/asa-ssp_ntp.log.1 (deleted)


We tried to restart the syslog-ng process to clear all the open deleted files but It didn't work.

Solution:

You can run below command and monitor the partition usage.

OmniQuery.pl -db mdb -e "flush logs;"

Some customers directly restarted the firewall, and post reboot, the usage reduced to 9 % for /opt/cisco/csp and 30% for sda6 partition.

Suggested to upgrade to 7.4.2 version.

Thanks

0 Helpful
Comments
mocego1482
Level 1
Level 1
‎04-30-2025 04:51 AM

High disk usage on the FTD (/ngfw) caused the HA standby unit to fail. Initial troubleshooting involved deleting large log and temporary files, but the space wasn't fully reclaimed due to open deleted files held by the `lina.core` process. Restarting `syslog-ng` didn't resolve this. The suggested solutions were to use `OmniQuery.pl -db mdb -e "flush logs;"` to attempt log flushing or to reboot the firewall, which proved effective in reducing E-ZPassMD disk usage. A long-term solution is to upgrade to FTD version 7.4.2, which likely contains fixes related to disk management. Resolving this on both active and standby units is crucial for restoring HA.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents