FN – 70466 – FTD High Unmanaged Disk Utilization on Firepower Appliances Due to Untracked Files
If you are running FTD code 6.1, then you already are in a bad spot. However, this notice goes from 6.1.0 through 6.4.0.7
That said, most of you probably are all running one of these codes, hopefully 6.3 at a bare minimum, however, if you’re my customer I already have you at 6.5.x.
So, if you see this
Then there is a workaround for you!
Workaround/Solution
Cisco recommends that you upgrade the Firepower software to Version 6.4.0.8 or later. Easy peasy, right? Not for a lot of you that are way down on your updates….
- Expert Mode in order to manually delete the affected log files and free up disk space on your Firepower appliance(s) with these commands.
- For Firepower Threat Defense (FTD) devices, use these commands:
- rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/fileperfstats.log.*
- rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-certs-unified.log.*
- rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-nse-debug.log.*
- rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-stats-unified.log.*
Please consider update your FMC/FTD to the latest codes so these will be easier for you in the future! :)
Cheers!
I still get this alert in 6.5.0.4 /ngfw has 127GB Free is 61GB and used is 67GB.
Seem like plenty free so why the constant alert? Have you seen this happen in 6.5?
No, I have not seen that in 6.5
make sure your FMC and FTD devices are all updated to the latest release, and if you still have the problem, open a ticket with TAC