Analyzing Firepower logs with pigtail

Did you ever run into a problem with Cisco Firepower that left you clueless as to why your policy deployment is failing? Have you ever asked yourself why your FMC High-Availability is not working correctly or why your new Firewall cannot register with its central manager? Then this is the right post for you. We will look into how pigtail, a CLI logging utility available on both FTD and FMC, can help you figuring out what is happening behind the scenes.


Pigtail is a highly sophisticated log analysis tool that… just kidding, it’s a perl script that basically tails different logfiles, color codes the output for better readability and normalizes logfile timestamps, which is available from SFCLI on FTD and the bash shell on FMC.


Before executing pigtail we will need to access the bash shell and change users to root:

Now let’s take a look at pigtail and options it provides:


The help page is quite detailed but can be summed up quickly. Basically you have some filter options that help you tail only specific logs in which you are interested in. For example you can use pigtail "deploy" to tail the deployment logs.

If you want to log all the information into a file, try this one:


Use the command below into this privilege:


If you need to download the file, go to your FMC under Health >> Monitor >> "FTD" >> Advanced troubleshooting >> Download file >> Copy the file name into the box >> OK.


You must copy your FTD CLI file to /ngfw/var/common/


gif

30 views0 comments

Recent Posts

See All

Umbrella VA

What is Umbrella VA and how it works? 🤔 Umbrella virtual appliances (VAs) are lightweight virtual machines that are compatible with VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Micro

The configuration register

The configuration register is a special 16 bits value and can be used to change router behavior in several ways, such as: ▸How the router boots (into ROMmon, NetBoot); ▸Options while booting (ignore c

FTD factory reset

⧽ Technology Overview: Cisco FTD is a threat-focused, next-gen firewall (NGFW) with unified management. It provides advanced threat protection before, during and after attacks. NGFWs use a variety of