Troubleshoot Firepower File Generation Procedures

Introduction

This document describes how to generate a troubleshoot file on a Cisco Firepower.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these products:

• Firepower Management Center (FMC)
• Firepower Device Manager (FDM)
• Firepower Threat Defense (FTD)
• FirePOWER (SFR) service module which runs on ASA
• Firepower eXtensible Operating System (FXOS)

Components Used

The information in this document is based on an FMC that runs software Version 5.0 or later. You can use an FMC to generate a troubleshoot file for the management appliance itself, or for any managed devices.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background

A troubleshoot file contains a collection of log messages, configuration data, and command outputs. It is used to determine the status of the Firepower hardware and software. If a Cisco engineer requests you to send a troubleshoot file from your Firepower device, you can use the instructions provided in this document. You can also find, in some sections, a link to the Cisco Technical Assistance Center (TAC) Video Portal, where you can continue with this procedure through a video explanation for better understanding.

How to Use the Web Interface of FMC

Generate a Troubleshoot File in Version or 6.x

Complete these steps in order to generate troubleshoot files:

1. In Version 6.x, navigate to System > Health > Monitor on the management appliance web interface in order to reach the Health Monitor page.
   
   
2. In order to expand the appliance list and view the appliances with a particular status, click the arrow at the end of the row:
   
   
   

   Tip: If the arrow at the end of the row for a status level points down, the appliance list for that status appears in the lower table. If the arrow points right, the appliance list is hidden.

3. In the Appliance column of the appliance list, click the name of the appliance for which you want to view details. The Health Monitor Appliance page appears.
   
   
4. Click Generate Troubleshooting Files. The Troubleshooting Options pop-up window appears.
   
   
5. Check the All Data check box in order to generate a report with all of the possible related data, or check the individual checkboxes in order to customize your report:
   
   
6. Click Generate and the Management Center generates the troubleshoot files.
   
   

   Tip: In Version 6.x, in order to monitor the file generation process in task status, navigate to the Message Center icon (an option between Deploy and System) > Tasks

Generate a Troubleshoot File in Version 7.0+

1. Navigate to System > Health > Monitor on the management appliance web interface in order to reach the Health Monitor page.
2. On the monitor menu, select the FMC device listed. Then, select the View system & Troubleshooting Details option. This expands all possible system detail options as seen in this image:

   

3. Click Generate Troubleshooting Files. The Troubleshooting Options pop-up window appears.

   

4. Check the All Data check box in order to generate a report with all of the possible related data, or check the individual checkboxes in order to customize your report.

   

5. Click Generate and the Management Center generates the troubleshoot files.

Download a Troubleshoot File in Version 6.x

In order to download a copy of your generated troubleshoot file, go to the Task Status page on your FMC. In Version 6.x, navigate to the Message Center icon ( an option between Deploy and System) > Tasks on the management appliance web interface in order to reach the Task Status page.

On 6.x:

Once the appliance generates a troubleshoot file, the task status changes to Completed. You can locate the task that corresponds to the related files that you generated. Click the Click to retrieve generated files link and continue with the browser prompts in order to download the file. The files are downloaded to your desktop in a single .tar.gz file.

Download a Troubleshoot File in Version 7.0+

In order to download a copy of your generated troubleshoot file, go to the Task Status page on your FMC. In Version 7.x, navigate to the Message Center icon ( an option between Global Search and System) > Tasks on the management appliance web interface in order to reach the Task Status page:

Once the appliance generates a troubleshoot file, the task status changes to Success. Click the Click to retrieve generated files link and continue with the browser prompts in order to download the file. The files are downloaded to your desktop in a single .tar.gz file.

Video

In order to generate an FMC and FTD Troubleshoot File with the Web Interface of FMC, see How to Generate the CSM Diagnostic File.

How to Use the Web Interface of FDM

Generate a Troubleshoot File

Within the FDM homepage, navigate to the Troubleshoot section alongside the Request file to be created button as seen in this image:

Once you hover the mouse over the Request file to be created button, a message shows up which indicates that the file generation could take up to an hour to be completed.

After you select the Request file to be created button, the Troubleshoot section changes to indicate that a file has been requested. This action can be seen in the task list section.

Navigate to Task List > running to confirm that the Troubleshoot execution is in progress.

When the task finishes, it shows up in the Completed tab of the Task List.

Download a Troubleshoot File

Navigate to the Troubleshoot section and confirm two new buttons appeared. Once you select the Download button, your web browser brings up a prompt. Continue with the prompt to save the Troubleshooting file that was just generated.

The files are downloaded to your desktop in a single .tar.gz file.

Note: The timestamp indicates the time in which the currently available troubleshoot file was requested.

Select the Re-request file to be created button to generate a new troubleshoot file.

Note: This action causes the previously available file to be replaced with a new one once it generates.

How to Use the CLI

If you attempt to use the generation method that is described in the previous sections and are unable to access the management appliance web interface, or if there is a connectivity issue between the management appliance and the managed devices, then you are not able to generate the troubleshoot file. In this case, you can use the CLI of your appliance in order to generate the troubleshoot file.

Firepower Management Center

Enter this command on the Firepower Management Center in order to generate a troubleshoot file:

admin@FMC:~$ sudo sf_troubleshoot.pl 

Starting /usr/local/sf/bin/sf_troubleshoot.pl...
Please, be patient.  This may take several minutes.
Troubleshoot information successfully created at /var/common/xxxxxx.tar.gz

Firepower Devices

Enter this command on FirePOWER devices/modules and virtual managed devices in order to generate a troubleshoot file:

> system generate-troubleshoot all

Starting /usr/local/sf/bin/sf_troubleshoot.pl...
Please, be patient.  This may take several minutes.
The troubleshoot option code specified is ALL.
Troubleshoot information successfully created at /var/common/xxxxxx.tar.gz

Firepower eXtensible Operating System (FXOS)

Firepower 4100/9300 and Firepower 2100 with ASA in platform mode

You can obtain a troubleshoot file directly from your Firepower eXtensible Operating System (FXOS). In order to generate a file, you need to connect to the device management address with Secure Shell (SSH).

Note: FXOS 2.6.x+ allows you to generate the tech-support files from the Firepower Chassis Manager.

Once you are in the FXOS CLI, continue with these steps in order to generate the file:

• Firepower 4100 and 9300 with FXOS versions earlier than 2.7: 

FP4150# connect local-mgmt
FPr4150(local-mgmt)# show tech-support fprm detail

Initiating tech-support information task on FABRIC A ...
Completed initiating tech-support subsystem tasks (Total: 1)
All tech-support subsystem tasks are completed (Total: 1[received]/1[expected])

The detailed tech-support information is located at workspace:///techsupport/20170116170843_FP4150_FPRM.tar

FP4150(local-mgmt)#

The fprm keyword generates a troubleshoot file for the Firepower Platform Management. Similarly, the system also allows you to generate troubleshoot files from chassis and security module.

FP4150(local-mgmt)# show tech-support ?
  chassis  Chassis
  fprm     Firepower Platform Management
  module   Security Module

• Firepower 4100 and 9300 with FXOS versions 2.7 and later:

FP4150# connect local-mgmt 
FP4150(local-mgmt)# show tech-support fprm detail 
WARNING: show tech-support fprm detail command is deprecated.
Please use show tech-support chassis 1 detail command instead.

In FXOS versions 2.7 and later the fprm troubleshoot file is included in the chassis troubleshoot file:

FP4150(local-mgmt)# show tech-support chassis 1 detail
Initiating tech-support information task on FABRIC A ...

• Firepower 2100 with ASA in platform mode:

fpr-2120# connect local-mgmt
fpr-2120 (local-mgmt)# show tech-support ?
  fprm  FPRM 
fpr-2120 (local-mgmt)# show tech-support fprm detail
 fpr-2120_FPRM
The showtechsupport file will be located at workspace:/techsupport/20221212103515_ fpr-2120_FPRM.tar.gz
Initiating tech-support information task on FABRIC A ...

Note: Chassis and module troubleshoot files are not available in Firepower 2100.

Once a troubleshoot file is generated, you can find it in the workspace. Run the command to confirm:

FP4150(local-mgmt)# dir workspace:/techsupport

1 9912320 Jan 16 17:10:07 2012 20170116170843_FP4150_FPRM.tar

Usage for workspace://
4032679936 bytes total
43540480 bytes used
3784286208 bytes free

FP4150(local-mgmt)#

Firepower 1000/2100 and Secure Firewall 3100 with FTD

Use the connect fxos command in CLISH to connect to the FXOS command shell:

> connect fxos 

Connect to the local-mgmt command shell and generate the troubleshoot file:

fpr1150# connect local-mgmt

fpr1150(local-mgmt)# show tech-support fprm detail

fpr1150.abb.local_FPRM
The showtechsupport file will be located at workspace:/techsupport/20221212091405_fpr1150.abb.local_FPRM.tar.gz
Initiating tech-support information task on FABRIC A ...
WARNING: *** /mnt/disk0/smart-log/ is missing ***
WARNING: *** /tmp/softraid_env.xml is missing ***
WARNING: *** /tmp/nvme_build.log is missing ***
WARNING: *** /tmp/sed_build.log is missing ***
WARNING: *** /opt/cisco/platform/logs/QAT is missing ***
Completed initiating tech-support subsystem tasks (Total: 0)

fpr1150(local-mgmt)# dir workspace:/techsupport/
1 5776262 Dec 12 09:14:15 2022 20221212091405_fpr1150.abb.local_FPRM.tar.gz
Usage for workspace://
159926181888 bytes total
16198488064 bytes used
143727693824 bytes free

Copy the troubleshoot file to the remote server:

fpr1150(local-mgmt)# copy workspace:/techsupport/20221212091405_fpr1150.abb.local_FPRM.tar.gz ?
  ftp:        Dest File URI
  http:       Dest File URI
  https:      Dest File URI
  scp:        Dest File URI
  sftp:       Dest File URI
  tftp:       Dest File URI
  usbdrive:   Dest File URI
  volatile:   Dest File URI
  workspace:  Dest File URI

Firepower 1000/2100 and Secure Firewall 3100 with ASA in appliance mode

Verify the FXOS mode:

ciscoasa# show fxos mode
Mode is currently set to appliance

Use the connect fxosadmin command to connect to the FXOS command shell:

ciscoasa# connect fxos admin
Configuring session.
.
Connecting to FXOS.
...

Note: In multi-context mode, the connect fxos admin command is available in the system or the admin context.

Connect to the local-mgmt command shell and generate the troubleshoot file:

firepower-2130# connect local-mgmt
Warning: network service is not available when entering 'connect local-mgmt'

firepower-2130(local-mgmt)# show tech-support fprm detail
 firepower-2130_FPRM
The showtechsupport file will be located at workspace:/techsupport/20221212093206_firepower-2130_FPRM.tar.gz
Initiating tech-support information task on FABRIC A ...
Completed initiating tech-support subsystem tasks (Total: 0)
firepower-2130(local-mgmt)# dir workspace:/techsupport/
1 6902474 Dec 12 09:32:12 2022 20221212093206_firepower-2130_FPRM.tar.gz
Usage for workspace://
167921864704 bytes total
318324736 bytes used
167603539968 bytes free

To copy the troubleshoot file go back to the ASA console:

firepower-2130(local-mgmt)# exit
firepower-2130# exit
Connection with FXOS terminated.
Type help or '?' for a list of available commands.

ciscoasa# dir flash:/fxos
Directory of disk0:/fxos/
297718806  -rw-  6902474      09:32:12 Dec 12 2022  20221212093206_firepower-2130_FPRM.tar.gz
1 file(s) total size: 6902474 bytes
21475885056 bytes total (21212692480 bytes free/98% free)

Copy the troubleshoot file to the remote server:

ciscoasa# copy disk0:/fxos/20221212093206_firepower-2130_FPRM.tar.gz ?

  cluster:        Copy to cluster: file system
  disk0:          Copy to disk0: file system
  disk1:          Copy to disk1: file system
  flash:          Copy to flash: file system
  ftp:            Copy to ftp: file system
  running-config  Update (merge with) current system configuration
  scp:            Copy to scp: file system
  smb:            Copy to smb: file system
  startup-config  Copy to startup configuration
  system:         Copy to system: file system
  tftp:           Copy to tftp: file system

Copy a Troubleshoot File with CLI

Before you copy a file from FXOS to your computer, verify these items:

• The firewall on your local computer accepts incoming connection over any necessary ports. For example, if you copy a file over Secure Shell, your computer must allow connections from any related ports, such as, port 22.
• You computer must run the Secure Copy (SCP) service. You can find various SSH/SCP server softwares in the internet. However, Cisco does not provide support for installatioon and configuration any particular SCP server.

Firepower Management Center

Enter this command on the Firepower Management Center in order to copy a troubleshoot file:

admin@FMC:~$ sudo scp troubleshoot_file_name username@destination_host:destination_folder

Firepower Devices

Enter this command on FirePOWER devices and virtual managed devices in order to copy a troubleshoot file:

> file secure-copy hostname username destination_folder troubleshoot_file

Note: In this example, the hostname refers to the name or IP address of the target remote host, the username specifies the name of the user on the remote host, the destination_folder specifies the destination path on the remote host, and the troubleshoot_file specifies the local troubleshoot file for transfer.

Firepower eXtensible Operating System (FXOS)

Firepower 4100/9300 and Firepower 2100 with ASA in platform mode

In order to copy a troubleshoot file from your Firepower eXtensible Operating System (FXOS) to your local computer, run this command on your Firepower appliance:

FP4150(local-mgmt)# copy workspace:/techsupport/filename scp://username@ipaddress

Firepower 1000/2100 and Secure Firewall 3100 with FTD

Use the connect fxos command in CLISH to connect to the FXOS command shell:

> connect fxos 

Connect to the local-mgmt command and copy the troubleshoot file to the remote server:

fpr1150# connect local-mgmt
fpr1150(local-mgmt)# copy workspace:/techsupport/20221212091405_fpr1150.abb.local_FPRM.tar.gz ?
  ftp:        Dest File URI
  http:       Dest File URI
  https:      Dest File URI
  scp:        Dest File URI
  sftp:       Dest File URI
  tftp:       Dest File URI
  usbdrive:   Dest File URI
  volatile:   Dest File URI
  workspace:  Dest File URI

Firepower 1000/2100 and Secure Firewall 3100 with ASA in appliance mode

You can copy the troubleshoot file from the ASA console:

ciscoasa# dir flash:/fxos
Directory of disk0:/fxos/
297718806  -rw-  6902474      09:32:12 Dec 12 2022  20221212093206_firepower-2130_FPRM.tar.gz
1 file(s) total size: 6902474 bytes
21475885056 bytes total (21212692480 bytes free/98% free)

Copy the troubleshoot file to the remote server:

ciscoasa# copy disk0:/fxos/20221212093206_firepower-2130_FPRM.tar.gz ?

  cluster:        Copy to cluster: file system
  disk0:          Copy to disk0: file system
  disk1:          Copy to disk1: file system
  flash:          Copy to flash: file system
  ftp:            Copy to ftp: file system
  running-config  Update (merge with) current system configuration
  scp:            Copy to scp: file system
  smb:            Copy to smb: file system
  startup-config  Copy to startup configuration
  system:         Copy to system: file system
  tftp:           Copy to tftp: file system

Video

In order to generate the FXOS show tech-support files in Firepower 4100 and 9300, see Generate the FXOS show tech-support files in Firepower 4100 and 9300.