Cisco Bug: CSCvv54860 - backup file can be extremely large when rabbitmq queue backed up
Sep 04, 2020
- Sourcefire Defense Center
Known Affected Releases
6.3.0 6.4.0 6.5.0 6.6.0 220.127.116.11
Symptom: Very large backup files seen (100+ GB). Conditions: This can happen when any service that uses rabbitmq on the FMC gets backed up. This includes things like: - Passive user identity enabled - estreamer enabled on 6.6+ - Threat Intelligence Director enabled This is more likely to be seen on 6.6+ with estreamer, especially if you have a larger FMC which is not able to contact the estreamer server. You may see a lot of files in a directory similar to the following structure (but the unique ids in the path will likely be different per system): /var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/45Y9RF6ZKMNMGGWS6HE9BFJT2/queues/3ELL7R69K8XE87JGEJPIYRJAB You can check the size of this directory with the command: du -h --max-depth=2 /var/lib/rabbitmq/mnesia/ 44K /var/lib/rabbitmq/mnesia/rabbit@localhost-plugins-expand/rabbitmq_auth_mechanism_ssl-3.7.17 48K /var/lib/rabbitmq/mnesia/rabbit@localhost-plugins-expand 3.9T /var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores 3.9T /var/lib/rabbitmq/mnesia/rabbit@localhost 3.9T /var/lib/rabbitmq/mnesia/ In this case we see the /var/lib/rabbitmq/mnesia/rabbit@localhost directory is 3.9TB. This entire directory will be included in the backup, after compression it will be reduced significantly (3.9TB down to 190GB or so), but it will still be a very large backup and when it is restored/extracted it will also expand to 3.9TB.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases