Field Notice: FN - 64305 - Firepower Sensor - Excessive Error Messages Might Overwrite Device Syslog Files - Software Upgrade Recommended

Available Languages

Updated:December 13, 2017

Document ID:FN64305

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	06-Jun-17	Initial Release
10.0	13-Dec-17	Migration to new field notice system

Products Affected

Affected OS Type	Affected Release	Affected Release Number
NON-IOS	6.1	6.1.0,6.1.0.1
NON-IOS	6.0	6.0.1
NON-IOS	6.2	6.2.0

Defect Information

Defect ID	Headline
CSCvb06707	Excessive error messages from ADI for no DN for user, LQ_DN_UNAVAILABLE

Problem Description

Misconfiguration of the realm object might cause excessive error messages that result in syslog files being overwritten in the Firepower sensor.

Background

Certain platform misconfigurations might cause excessive error messages that result in syslog files being overwritten in the Firepower sensor. These error messages are most commonly seen when there is a misconfiguration in the realm object that results in a log in event for a user that can not be found in Active Directory based on the "Base DN" field. The issue might also occur when the incorrect user/password is used to download the users/groups.

Problem Symptom

No user-facing symptoms are caused by this defect. However, it causes potentially valuable information in the Firepower sensor syslog files to be overwritten by the large number of error messages.

The excessive messages in syslog files, usually located in /var/log/messages, might be similar to these:

SF-IMS[30088]: [12222] ADI:adi.LdapRealm [WARN] no DN found for user 'myuser'

SF-IMS[30088]: [12678] ADI:adi.ldap_query_handler [ERROR] Remote LDAP Query failed with error: LQ_DN_UNAVAILABLE

These messages might be seen once per minute, dependent upon the number of users and the specific device configuration.

Workaround/Solution

Correct the realm/LDAP configuration in the advanced settings of the Realm Configuration.

Updated Cisco FirePOWER software that addresses this issue is available from Cisco Software Central for customers with a valid service contract. The recommended upgrade paths are shown in this table.

Impacted Software Version(s)	Fixed Software Version(s)
6.0(1), 6.1(0), 6.1(0)1	6.1(0)3 or later
6.2(0)	6.2(0)1 or later

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)