Guest

Preview Tool

Cisco Bug: CSCvu57825 - Snort down: Reconfiguring Detection Error

Last Modified

Jul 18, 2020

Products (35)

  • Cisco Firepower Management Center
  • Cisco FirePOWER Appliance 8260
  • Cisco FirePOWER Appliance 8120
  • Cisco Firepower Management Center 2500
  • Cisco Firepower Management Center 4600
  • Cisco FirePOWER Appliance 8360
  • Cisco FirePOWER Appliance 7050
  • Cisco FirePOWER Appliance 8130
  • Cisco AMP 7150
  • Cisco AMP 8150
View all products in Bug Search Tool Login Required

Known Affected Releases

6.4.0.5

Description (partial)

Symptom:
-Policy deployment failed with the following reason:

Failed to create symlink /var/sf/detection_engines/<UUID>/instance-X/connection to /dev/shm/instance-X/connection, the reason is File exists
Failed to start DE <UUID>: Write Error
Error reconciling detection engine changes!
Change reconciliation failed!
Failed to apply detection configuration: Write Error

-Snort is in an unknown state. Not all the pid id are listen on "pidof snort" output, only the running ones have an assigned CPU core to process traffic (pmtool show de)

-Only a few snort instances have the symlink to store connection events on RAM. Most of the folders /dev/shm/ don't exist. For more details see: show log-events-to-ramdisk command reference

Conditions:
-Firepower Management Center running 6.4.0.5 version
-Firepower Thread Defense running 6.4.0.5, upgrade from 6.2.3.x train
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.