Firepower Troubleshooting

Firepower Troubleshooting
Pigtail Logs
ACTQ ----------- /var/log/action_queue.log

DEPL ------------ /var/log/sf/policy_deployment.log
show model HTTP -------------- /var/log/httpd/httpd_error_log
show version DCSM ---------------- /var/log/mojo.log
Verify Unit
MOJO --------------- /var/log/mojo/mojo.log
$top MSGS ---------------- /var/log/messages
show cpu NGFW ----------------- /var/log/ngfwManager.log
show memory
show disk VMSB ------------------- /opt/CSCOpx/log/operation/vmsbesves.log
show disk-manager USMS ------------------- /opt/CSCOpx/log/operation/usmsharedsves.log
Check Unit Status show network TCAT ---------------- /opt/CSCOpx/log/operation/vmsharedsvcs.log
show dns
VMSS -------------------- /opt/CSCOpx/log/operation/vmssharedsves.log
show ifconfig
show network
show interfaces
Check Network show dns Messages Logs (OVERAL LOGS)
show ntp
Messages ----- /var/log/messages
grep -i error /var/log/messages | sort | uniq
grep -i error /var/log/messages > messages.backup
show managers
less messages.backup
Check Manager
status.log (UPGRADE DIRECTORY)
messages (First Stop) /var/log/sf/<upgrade directory>/status.log
Check Logs action_queue.log (Record Action taken by Device)
top.log
status.log (Upgrade log Directory) OTHER Logs
Troubleshoot file ----- /var/common/result-01-22-2017--184950.tar.gz
Schedule Task Log ------ /var/log/schedule_task.log
system support sftunnel-status Snort files ------ /var/sf/detection_engines/<UUID>/catsnort.conf
Check sftunnel Snort instances ------ /var/sf/detection_engines/<UUID>/instance-1
SQL traffic REST Calls ------ /var/logg/CSMAgent.log
system support pigtail <LOG_TYPE>
UI Logs ------ /var/log/mojo/mojo.log
pigtail DC Communication Logs ----- /var/log/mojo.log
Gather Pigtail Logs
OTHER Logs 2
/httpd/httpsd_error_log > HTTP GUI Errors
mojo.log > JAVA Errors
Debug From SFR
system support application-engine-debug /mojo/mojo.log > GUI Errors and Communication Problems
Run Debugs /var/sf/time_series > CPU usage member user over time, store granular logs
debug sfr event
debug sfr error process_stderr.log > records of help alerts
Debug From ASA debug sfr message
$ cd /var/log/sf/<upgrade>
Upgrade Monitoring tail –f status.log SNORT Logs
cd /var/tmp/
cd /var/cisco/deploy
cat /var/sf/detection_engines/<UUID>/instance-1
netstat -tunpa | less cat /var/sf/detection_engines/<UUID>/instance-2
Check Listening Ports cat /var/sf/detection_engines/<UUID>/instance-3
cat /var/sf/detection_engines/<UUID>/snort.conf
system support capture-traffic
Run Captures
Generate File
system support-troubleshoot all
TROUBLESHOOTING GUI Issues
Generate Troubleshoot File
system file copy 60.60.60.7 anonymous / result-10-02-2017--123316.tar.gz !--------------------------------------------------------------------
Download File Deployment Logs
less policy_deployment.log |grep Malformed
tail -f policy_deployment.log
Run ping and telnet NOTE: Will only show if deploy changes are made.
ping -m do -c 20 -s 1472 10.10.10.10
telnet 192.168.1.10 8305 !--------------------------------------------------------------------
Troubleshooting Registration Failures Pigtail Logs
pigtail --help
pmtools status | grep sftunnel
pmtools status | grep Down
verify using pmtools pmtools status | grep Disabled FILTERS
desploy
ui
system support sftunnel-status
all
verify sftunnel
show managers
expert RUN PIGTAIL TO FILE ON TMP FOLDER
ifconfig | less pigtail -outfile /var/tmp/pigtail.out &
ifconfig eth0
Verify Connectivity
netstat -an | grep 8305
pigtail > /var/tmp/pigtail.out &
sftunnel_status.pl cd /var/tmp/
less pigtail.out
less pigtail.out |grep Malformed
Reset Communication manage_procs.pl
run 3,4,5 RUN PIGTAIL TO FILE ON COMMON FOLDER
pigtail > var/common/pigtail.out
cd /var/common/
Remove Peers remove_peer.pl
grep appliance_UUID/etc/sf/ims.conf less pigtail.out
less pigtail.out |grep Malformed
cd /etc/sf
Check Registration Config

less rpc.conf LOG TO FILE IN REAL TIME IN BACKGROUND
tail -f /var/log/messages > /var/tmp/test.log &
pmtool restartbyid CloudAgent
BRING PROCESS BACK

fg 1
VIEW BACKGROUND PROCESS

tail -f /var/log/messages > /var/tmp/test.log &
jobs
ls /var/tmp/
pmtool status | grep -i running
jobs
ls -l /var/tmp | grep pigtail

Firepower Troubleshooting

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Firepower Troubleshooting

Uploaded by

Copyright:

Available Formats

Firepower Troubleshooting

ACTQ ----------- /var/log/action_queue.log

Check Registration Config

pmtool restartbyid CloudAgent

BRING PROCESS BACK

VIEW BACKGROUND PROCESS

You might also like