Preview Tool

Cisco Bug: CSCvv54860 - backup file can be extremely large when rabbitmq queue backed up

Last Modified

Sep 04, 2020

Products (1)

  • Sourcefire Defense Center

Known Affected Releases

6.3.0 6.4.0 6.5.0 6.6.0

Description (partial)

Very large backup files seen (100+ GB). 

This can happen when any service that uses rabbitmq on the FMC gets backed up. This includes things like:
- Passive user identity enabled
- estreamer enabled on 6.6+
- Threat Intelligence Director enabled

This is more likely to be seen on 6.6+ with estreamer, especially if you have a larger FMC which is not able to contact the estreamer server. You may see a lot of files in a directory similar to the following structure (but the unique ids in the path will likely be different per system):


You can check the size of this directory with the command:

du -h --max-depth=2 /var/lib/rabbitmq/mnesia/

44K /var/lib/rabbitmq/mnesia/rabbit@localhost-plugins-expand/rabbitmq_auth_mechanism_ssl-3.7.17
48K /var/lib/rabbitmq/mnesia/rabbit@localhost-plugins-expand
3.9T /var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores
3.9T /var/lib/rabbitmq/mnesia/rabbit@localhost
3.9T /var/lib/rabbitmq/mnesia/

In this case we see the /var/lib/rabbitmq/mnesia/rabbit@localhost directory is 3.9TB. This entire directory will be included in the backup, after compression it will be reduced significantly (3.9TB down to 190GB or so), but it will still be a very large backup and when it is restored/extracted it will also expand to 3.9TB.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.