This document describes how to check for and collect core files from a FirePOWER appliance. When a process on a FirePOWER Appliance encounters a critical problem, a dump of the running memory of the process can be saved as a core file. In order to determine the root cause of the failure, Cisco Technical Support might request the core files.
Steps to Collect Core Files
Connect to the CLI of the appliance with Secure Shell (SSH).
Become a root user:
admin@FirePOWER~$ sudo su -
If the appliance is a 7000 or 8000 Series FirePOWER device, ASA SFR module, or Virtual Appliance, enter expert in order to go to the CLI:
> expert admin@FirePOWER~$
Go to the /var/common folder, where the core files are located.
root@FirePOWER:/var/home/admin~# cd /var/common
Check the folder for the file. This example shows one core file. However, you might find more than one core file.
Compress the file. Core files have the potential to be very large. Due to the internal structure of core files, gzip compression can successfully make the file size significantly smaller.
root@FirePOWER:/var/common~# gzip core.2179
If core files are archived before they are compressed, the gzip algorithm is not able to compress the files as much. If the files are not compressed before they are archived, it is possible that the disk utilization thresholds on the device might be exceeded and the core files deleted automatically in order to prevent disk space from being exhausted.
After the core files are gzipped, they can be stored together in a .tar archive for convenience in file transfers.
root@FirePOWER:/var/common~# tar cvf core_file.gz.tar core.2179.gz
At this point, you should have a file called core_file.gz.tar. If Cisco Technical Support requests multiple core files, you can then repeat the prior instructions for each additional file. Make sure to give these files unique names.
In order to copy this file safely from the FirePOWER appliance with Secure Copy (SCP), enter these commands:
root@FirePOWER:/var/common-# exit admin@FirePOWER:/var/common~$ exit > system file secure-copy hostnameusernamedestination_directory core_file.gz.tar
After you press Enter, you are prompted for the password to the remote system. The file is copied across the network.
Note: In this example, the hostname refers to the name or IP address of the target remote host, the username specifies the name of the user on the remote host, and the destination_directory specifies the destination path on the remote host.