FN – 70466 – FTD High Unmanaged Disk Utilization on Firepower Appliances Due to Untracked Files


If you are running FTD code 6.1, then you are already in a bad spot. However, this notice covers 6.1.0 through 6.4.0.7.

That said, most of you are probably running one of these code versions, hopefully 6.3 at a bare minimum. If you're my customer, though, I already have you at 6.5.x.

So, if you see this

Then there is a workaround for you!

Workaround/Solution

Cisco recommends that you upgrade the Firepower software to Version 6.4.0.8 or later. Easy peasy, right? Not for a lot of you who are way behind on your updates…

  1. Enter Expert Mode in order to manually delete the affected log files and free up disk space on your Firepower appliance(s) with these commands.
  2. For Firepower Threat Defense (FTD) devices, use these commands:
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/fileperfstats.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-certs-unified.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-nse-debug.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-stats-unified.log.*
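
A more cautious way to run the same cleanup, as an added example (not from the field notice or this post): it lists the files matching the four patterns, totals their size, and deletes only regular files when explicitly told to. The function names, the `*` glob standing in for `<uuid>`, and the overridable root directory are assumptions.

```bash
#!/bin/bash
# Added example: preview-then-delete for the four log families in the workaround.
# Assumption: run as root from Expert Mode; '*' stands in for <uuid>.
FTD_DE_ROOT="/ngfw/var/sf/detection_engines"
FTD_LOG_NAMES="fileperfstats ssl-certs-unified ssl-nse-debug ssl-stats-unified"

# Print each matching regular file (symlinks and directories are skipped).
list_untracked_logs() {
    lroot="${1:-$FTD_DE_ROOT}"
    for name in $FTD_LOG_NAMES; do
        for f in "$lroot"/*/instance-*/"$name".log.*; do
            if [ -f "$f" ] && [ ! -L "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Total size in bytes of everything list_untracked_logs reports.
untracked_log_bytes() {
    list_untracked_logs "$1" | {
        total=0
        while IFS= read -r f; do
            total=$((total + $(wc -c < "$f")))
        done
        echo "$total"
    }
}

# Dry run by default; pass --delete as the second argument to remove files.
purge_untracked_logs() {
    list_untracked_logs "$1" | while IFS= read -r f; do
        if [ "${2:-}" = "--delete" ]; then
            rm -f -- "$f" && echo "removed $f"
        else
            echo "would remove $f"
        fi
    done
}

# Typical use on the appliance:
#   df -h /ngfw; untracked_log_bytes; purge_untracked_logs
#   purge_untracked_logs "" --delete; df -h /ngfw
```

Unlike `rm -rf` on a glob, this never recurses into a directory that happens to match a pattern, and the active log without a numeric suffix is left alone.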

Please consider updating your FMC/FTD to the latest code so this will be easier for you in the future! :)

Cheers!
