THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
12-Dec-19 |
Initial Release |
1.1 |
03-Mar-20 |
Updated the Products Affected and Workaround/Solution Sections |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.1, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.8, 6.2.3.9 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
Firepower Threat Defense (FTD) Software |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.1 |
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6, 6.1.0.7 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.2 |
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.0.6, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.2.5, 6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12, 6.2.3.13, 6.2.3.14, 6.2.3.15, 6.2.3.2, 6.2.3.3, 6.2.3.4, 6.2.3.5, 6.2.3.6, 6.2.3.7, 6.2.3.8, 6.2.3.9 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.3 |
6.3.0, 6.3.0.1, 6.3.0.2, 6.3.0.3, 6.3.0.4, 6.3.0.5 |
|
NON-IOS |
FirePOWER Services Software for ASA |
6.4 |
6.4.0, 6.4.0.1, 6.4.0.2, 6.4.0.3, 6.4.0.4, 6.4.0.5, 6.4.0.6, 6.4.0.7 |
Defect ID | Headline |
---|---|
CSCvo74833 | High unmanaged disk space on Firepower devices due to untracked files |
Some versions of Cisco Firepower software might experience high unmanaged disk utilization on Firepower appliances due to untracked files.
The Firepower system logs provide information to monitor and troubleshoot the Firepower appliance. These logs are useful both in routine troubleshooting and in incident handling.
Some versions of Firepower software might cause the diskmanager to not properly manage certain log files and might result in excessive disk space consumption on the Firepower appliance. This issue affects log files in the (/ngfw/)/var/sf/detection_engines/<uuid>/instance-*/ directories.
These files are commonly attributed to the issue:
It is possible to configure email alerts for high disk space usage with the Firepower Management Center (FMC) health monitoring feature. Refer to the FMC Configuration Guide for additional information.
FMC will display a high unmanaged disk space health alert for the Firepower appliance(s) that experiencies this issue. An example of the FMC health alert for high disk space usage is shown here.
Cisco recommends that you upgrade the Firepower software to Version 6.4.0.8 or later.
Alternatively, enter Expert Mode in order to manually delete the affected log files and free up disk space on your Firepower appliance(s) with these commands. Customers that require a certified release should consider this solution until a release subsequent to Firepower Version 6.4.0.8 completes certification.
For Firepower Threat Defense (FTD) devices, use these commands:
For non-FTD devices, use these commands:
Note: Replace the <uuid> placeholder with the Universally Unique Identifier (UUID) that is assigned on your particular appliance.
Refer to the Cisco Firepower Threat Defense Command Reference for additional information on how to use Expert Mode and how to determine the UUID.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance