ASA FirePOWER Module (SFR) Troubleshoot File Generation Procedures using ASDM (On-box Management)

Available Languages

Download Options

  • PDF     (413.8 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (375.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (328.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 11, 2016
Document ID:200324

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to generate a Troubleshoot File on an ASA Firepower module(SFR) using ASDM (On-box Management).

If a Cisco Support Engineer requests that you send a troubleshoot file from your Firepower module (SFR), you can use the instructions provided in this document. 

  

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Knowledge of ASA (Adaptive Security Appliance) firewall, ASDM (Adaptive Security Device Manager)
  • Firepower appliance Knowledge

Components Used

The information in this document is based on these software and hardware versions:

  • ASA Firepower modules (ASA 5506X/5506H-X/5506W-X,  ASA 5508-X, ASA 5516-X ) running software version 5.4.1 and above

  • ASA Firepower module  (ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X) running software version 6.0.0 and above

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

A troubleshoot file contains a collection of log messages, configuration data, and command outputs. It is used in order to determine the status of Firepower (SFR) module.

This procedure is applicable when Firepowermodule (SFR) is managed by ASDM.

If the Firepower module (SFR) is managed by the Firepower Management Center/FireSIGHT/Defense Center then follow this article. 

Sourcefire/ Firepower Appliance Troubleshoot File Generation Procedures

Generate Troubleshoot Files with ASDM 

Complete these steps in order to generate troubleshoot files:

1. Log in  to the  ASDM and ensure  ASA Firepower status on Device Dashboard & status shows Up & running. 

2. Navigate to Configuration > ASA Firepower Configuration >  Tools  > Troubleshooting on the ASDM           configuration panel. 

3. Click  Generate Troubleshoot  option in order to generate the Troubleshoot file. Troubleshooting Options pop-up window appears.

4. Select All Data check box in order to generate a report with all the possible troubleshooting data, or check the individual check boxes in order to customize your report: 

5. Click Generate and ASDM generates the troubleshoot file.

Tip: In order to monitor the file generation process in the task queue, navigate to Monitoring > ASA Firepower Monitoring > Task Status 

Download Troubleshoot Files 

Complete these steps in order to download copies of your generated troubleshoot file:

1. Navigate to Monitoring > ASA Firepower Monitoring > Task Status  on ASDM in order to reach the Task Status page.

2. After the ASDM generates the troubleshoot files and the task status changes to Completed, locate the task that corresponds to the troubleshoot files that you generated.

3. Click the retrieve generated files link and follow the browser prompts in order to download the file.

Note: The files are downloaded to the desktop in a single *.tar.gz file.

Alternative Method of Generating Troubleshoot Files

If Firepower module is not accessible from the ASDM, then it is not  possible to generate the Troubleshoot File as per the ASDM instructions. In such cases, you can use the CLI of the appliance in order to generate the troubleshoot file.

You can either directly SSH to Firepower module management IP address or login to ASA via CLI and run command (# session sfr console) to login to Firepower Module. 

Enter this command on Firepower module  to generate a troubleshoot file:

> system generate-troubleshoot all
Starting /usr/local/sf/bin/sf_troubleshoot.pl...
Please, be patient.  This may take several minutes.

The troubleshoot option code specified is ALL.

Troubleshooting information successfully created at /var/common/xxxxxx.tar.gz

Copy Troubleshoot Files

Run this command to upload the troubleshoot file to an SCP server. 

> System file secure-copy  <hostname>  <username>  <destination_folder>   <troubleshoot_file>

NoteIn this example, the hostname specifies to the name/IP address of the target,  the username specifies the name of the user on the remote host, the destination_folder specifies the destination directory path on the remote host, and the troubleshoot_file specifies the local troubleshoot file for transfer.

Ensure the  Management port has reachability to the SCP server. 

Verify

There is currently no verification procedure available for this configuration.

  

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

TAC Authored

Contributed by Cisco Engineers

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products