FN – 70466 – FTD High Unmanaged Disk Utilization on Firepower Appliances Due to Untracked Files

If you are running FTD code 6.1, then you are already in a bad spot. However, this notice covers 6.1.0 through 6.4.0.7.

That said, most of you are probably running one of these codes, hopefully 6.3 at a bare minimum. However, if you're my customer, I already have you at 6.5.x.

So, if you see this

Then there is a workaround for you!

Workaround/Solution

Cisco recommends that you upgrade the Firepower software to Version 6.4.0.8 or later. Easy peasy, right? Not for a lot of you who are way down on your updates…

  1. Enter Expert Mode in order to manually delete the affected log files and free up disk space on your Firepower appliance(s) with the commands below.
  2. For Firepower Threat Defense (FTD) devices, use these commands:
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/fileperfstats.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-certs-unified.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-nse-debug.log.*
    • rm -rf /ngfw/var/sf/detection_engines/<uuid>/instance-*/ssl-stats-unified.log.*
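
A dry-run check to use before the deletions above, as an added example that is not part of Cisco's notice or the original post: it lists the files the four globs would match, totals their size, and deletes only those files on request. It assumes a POSIX shell and a find that supports -mindepth/-maxdepth in Expert Mode; the function names and the --report/--purge switches are made up for this example.

```shell
#!/bin/sh
# Added example (not Cisco's or the post author's code): inventory the four
# log families named in the workaround before deleting anything.
# Assumption: find supports -mindepth/-maxdepth (GNU find does).
DEFAULT_BASE=/ngfw/var/sf/detection_engines   # path taken from the workaround

# Print every file matching <base>/<uuid>/instance-*/<one of the four patterns>.
list_untracked() {
    base="${1:-$DEFAULT_BASE}"; base="${base%/}"
    find "$base" -mindepth 3 -maxdepth 3 -type f -path "$base/*/instance-*/*" \
        \( -name 'fileperfstats.log.*' -o -name 'ssl-certs-unified.log.*' \
           -o -name 'ssl-nse-debug.log.*' -o -name 'ssl-stats-unified.log.*' \) \
        2>/dev/null
}

# Print the total size in bytes of the files list_untracked finds.
untracked_bytes() {
    list_untracked "${1:-}" | {
        total=0
        while IFS= read -r f; do
            size=$(wc -c < "$f") && total=$((total + size))
        done
        echo "$total"
    }
}

# Delete exactly the files list_untracked finds (regular files only).
purge_untracked() {
    list_untracked "${1:-}" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Hypothetical switches: --report [base] lists and totals, --purge [base] deletes.
case "${1:-}" in
    --report) list_untracked "${2:-}"
              echo "total bytes: $(untracked_bytes "${2:-}")" ;;
    --purge)  echo "freeing $(untracked_bytes "${2:-}") bytes"
              purge_untracked "${2:-}" ;;
esac
```

Run it with --report first and compare the total against the disk usage reported in the health alert; unlike rm -rf, --purge removes only regular files at the exact depth the workaround's globs describe.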

Please consider updating your FMC/FTD to the latest code so this will be easier for you in the future! :)

Cheers!

2 Comments

  1. I still get this alert in 6.5.0.4. /ngfw has 127GB, free is 61GB and used is 67GB.

    Seems like plenty free, so why the constant alert? Have you seen this happen in 6.5?
