top of page

Analyzing Firepower logs with pigtail

Did you ever run into a problem with Cisco Firepower that left you clueless as to why your policy deployment is failing? Have you ever asked yourself why your FMC High-Availability is not working correctly or why your new Firewall cannot register with its central manager? Then this is the right post for you. We will look into how pigtail, a CLI logging utility available on both FTD and FMC, can help you figuring out what is happening behind the scenes.


Pigtail is a highly sophisticated log analysis tool that… just kidding, it’s a perl script that basically tails different logfiles, color codes the output for better readability and normalizes logfile timestamps, which is available from SFCLI on FTD and the bash shell on FMC.


Before executing pigtail we will need to access the bash shell and change users to root:

Now let’s take a look at pigtail and options it provides:


The help page is quite detailed but can be summed up quickly. Basically you have some filter options that help you tail only specific logs in which you are interested in. For example you can use pigtail "deploy" to tail the deployment logs.

If you want to log all the information into a file, try this one:


Use the command below into this privilege:


If you need to download the file, go to your FMC under Health >> Monitor >> "FTD" >> Advanced troubleshooting >> Download file >> Copy the file name into the box >> OK.


You must copy your FTD CLI file to /ngfw/var/common/



1,178 views0 comments

Recent Posts

See All

Securing IOS-XE Routing Protocols

Securing the routing information prevents an attacker from introducing false routing information into the network, which could be used as part of a Denial of Service (DoS) or Man-in-the-Middle (MiTM)

Cisco Duo Log Sync (DLS)

Duologsync (DLS) is a utility written by Duo Security that supports fetching logs from Duo endpoints and ingesting them to different SIEMs. Logging: A logging filepath can be specified in config.yml.

Umbrella VA logging to Remote Syslog Server

Syslog is a protocol that computer systems use to send event data logs to a central location for storage. Logs can then be accessed by analysis and reporting software to perform audits, monitoring, tr

댓글


bottom of page