Cisco Firepower Troubleshoot File Generation Procedures
Available Languages
Contents
Introduction
This document describes how to generate a troubleshoot file on a Cisco Firepower. A troubleshoot file contains a collection of log messages, configuration data, and command outputs. It is used to determine the status of the Firepower hardware and software. If a Cisco engineer requests you to send a troubleshoot file from your Firepower device, you can use the instructions provided in this document. You can also find, in some sections, a link to the Cisco TAC Video Portal, where you can follow this procedure through a video explanation for better understanding.
Prerequisites
Cisco recommends that you have knowledge of the following products:
- Firepower Management Center (FMC)
- Firepower Device Manager (FDM)
- Firepower Threat Defense (FTD)
- FirePOWER (SFR) service module running on ASA
- Firepower eXtensible Operating System (FXOS)
Using the Web Interface of FMC
Generate a Troubleshoot File
Complete these steps in order to generate troubleshoot files:
- In the version 6.x, navigate to System > Health > Monitor on the management appliance web interface in order to reach the Health Monitor page.
In the version 5.x, navigate to Health > Health Monitor on the management appliance web interface in order to reach the Health Monitor page. - In order to expand the appliance list and view the appliances with a particular status, click the arrow at the end of the row:
- In the Appliance column of the appliance list, click the name of the appliance for which you want to view details. The Health Monitor Appliance page appears.
- Click Generate Troubleshooting Files. The Troubleshooting Options pop-up window appears.
- Check the All Data check box in order to generate a report with all of the possible troubleshooting data, or check the individual check boxes in order to customize your report:
- Click Generate and the Management Center generates the troubleshoot files.
Download a Troubleshoot File
In order to download a copy of your generated troubleshoot file, go to the Task Status page on your FMC. In version 6.x, navigate to Message Center icon ( an option between Deploy and System) > Tasks on the management appliance web interface in order to reach the Task Status page. In version 5.x, navigate to System > Monitoring > Task Status on the management appliance web interface in order to reach the Task Status page.
On 6.x:
On 5.x:
Once the appliance generates a troubleshoot file, the task status changes to Completed. You can locate the task that corresponds to the troubleshoot files that you generated. Click the Click to retrieve generated files link and follow the browser prompts in order to download the file. The files are downloaded to your desktop in a single .tar.gz file.
Video
Generate an FMC and FTD Troubleshoot File Using the Web Interface of FMC - https://video.cisco.com/video/6155869306001
Using the Web Interface of FDM
Generate a Troubleshoot File
Within the FDM homepage, navigate to the Troubleshoot section alongside the Request file to be created button as seen in the image below:
Once you hover the mouse over the Request file to be created button, a message shows up indicating that the troubleshooting file generation could take up to an hour to be completed.
After you select the Request file to be created button, the Troubleshoot section changes to indicate that a troubleshooting file has been requested. This action can be seen in the task list section.
Navigate to Task List > running to confirm that the Troubleshoot execution is in progress.
When the task finishes, it will show up in the Completed tab of the Task List.
Download a Troubleshoot File
Navigate to the Troubleshoot section and confirm two new buttons appeared. Once you select the Download button, your web browser brings up a prompt. Follow the prompt to save the Troubleshooting file that was just generated.
The files are downloaded to your desktop in a single .tar.gz file.
Select the Re-request file to be created button to generate a new Troubleshooting file.
Using the Command Line Interface (CLI)
If you attempt to use the generation method that is described in the previous sections and are unable to access the management appliance web interface, or if there is a connectivity issue between the management appliance and the managed devices, then you will not be able to generate the troubleshoot file. In this case, you can use the CLI of your appliance in order to generate the troubleshoot file.
Firepower Management Center
Enter this command on the Firepower Management Center in order to generate a troubleshoot file:
admin@FMC:~$ sudo sf_troubleshoot.pl Starting /usr/local/sf/bin/sf_troubleshoot.pl... Please, be patient. This may take several minutes.
Troubleshooting information successfully created at /var/common/xxxxxx.tar.gz
Firepower Devices
Enter this command on FirePOWER devices/modules and virtual managed devices in order to generate a troubleshoot file:
> system generate-troubleshoot all
Starting /usr/local/sf/bin/sf_troubleshoot.pl... Please, be patient. This may take several minutes. The troubleshoot option code specified is ALL. Troubleshooting information successfully created at /var/common/xxxxxx.tar.gz
Firepower eXtensible Operating System (FXOS)
You can obtain a troubleshoot file directly from your Firepower eXtensible Operating System (FXOS). To generate a file, you need to connect to the device's management address using Secure Shell (SSH).
Once you are in the FXOS CLI, follow the steps below to generate the file:
FP4150# connect local-mgmt
FPr4150(local-mgmt)# show tech-support fprm detail
Initiating tech-support information task on FABRIC A ...
Completed initiating tech-support subsystem tasks (Total: 1)
All tech-support subsystem tasks are completed (Total: 1[received]/1[expected])
The detailed tech-support information is located at workspace:///techsupport/20170116170843_FP4150_FPRM.tar
FP4150(local-mgmt)#
The fprm keyword generates a troubleshoot file for the Firepower Platform Management. Similarly, the system also allows you to generate troubleshoot files from chassis and security module.
FP4150(local-mgmt)# show tech-support ? chassis Chassis fprm Firepower Platform Management module Security Module
Once a troubleshoot file is generated, you can find it in the workspace. Run the following command to confirm:
FP4150(local-mgmt)# dir workspace:/techsupport
1 9912320 Jan 16 17:10:07 2012 20170116170843_FP4150_FPRM.tar
Usage for workspace://
4032679936 bytes total
43540480 bytes used
3784286208 bytes free
FP4150(local-mgmt)#
Copy a Troubleshoot File with CLI
Before you copy a file from FXOS to your computer, ensure the following items:
- The firewall on your local computer accepts incoming connection over any necessary ports. For example, if you copy a file over Secure Shell, your computer must be allowing connections from any related ports, such as, port 22.
- You computer must be running the Secure Copy (SCP) service. You can find various SSH/SCP server softwares in the internet. However, Cisco does not provide support for installing and configuring any particular SCP server.
Firepower Management Center
Enter this command on the Firepower Management Center in order to copy a troubleshoot file:
admin@FMC:~$ sudo scp troubleshoot_file_name username@destination_host:destination_folder
Firepower Devices
Enter this command on FirePOWER devices and virtual managed devices in order to copy a troubleshoot file:
> file secure-copy hostname username destination_folder troubleshoot_file
Firepower eXtensible Operating System (FXOS)
To copy a troubleshoot file from your Firepower eXtensible Operating System (FXOS) to your local computer, run the following command on your Firepower appliance:
FP4150(local-mgmt)# copy workspace:/techsupport/filename scp://username@X.X.X.X
Video
Generate the FXOS show tech-support files in Firepower 4100 and 9300 -https://video.cisco.com/video/6194332657001
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)