This list of binaries, processes, configuration files and log files has been created for anyone who wants a deeper insight into the system. WARNING: Keep in mind that this list is not a complete reference and only consists of elements I found useful. Before touching any binaries or processes in production environments, make sure you really know what you are doing. Descriptions of various files may not be entirely correct, since many of the listed tools are not documented by Cisco in any way for customers and partners. If you spot any errors, just let me know.
Do you really want to know the real POWER behind Cisco FIREPOWER?
Then read this carefully!
The 2100, 4100 and 9300 appliances can run either FTD or ASA code, but not both at the same time. Regardless of whether they run FTD or ASA, the underlying operating system is always FXOS. Through the FXOS supervisor you manage the FTD or ASA code and configure the initial settings of the appliance itself, such as physical interfaces, application deployment, traffic distribution, clustering with other appliances, and so on.
The FXOS command line is totally different from the ASA or even the FTD one. FXOS also allows third-party applications such as Radware DDoS to run; these run in KVM mode on the security modules, whereas ASA and FTD run in native mode. The FTD software module on the ASA, on the other hand, allows the ASA to run its original code and the FTD software at the same time: from within the ASA you can access the FTD module, install and configure it, and then redirect traffic internally from the ASA to the FTD, where it is filtered against the security policies you apply on the FTD module.
Since I had to use the root shell various times for troubleshooting on Firepower systems, I decided to document some of the various binaries and log files that are available on the FMC and on Firepower sensors.
The following list only contains an overview of the various tools you can find in the FMC and FTD shells.
In future posts I will write articles about the various tricks and features listed here, explaining in detail what each one does and how and when to use it.
FirePOWER Management Center
Binaries and processes

/usr/local/sf/bin/adi - Identity process (Active Directory/pxGrid/User Agent)
/usr/local/sf/bin/syncd.pl - HA daemon for FMC High Availability
/usr/local/sf/bin/CloudAgent - Cloud Agent (AMP, URL Filtering, SI)
/usr/local/sf/bin/sftunnel - Management SSL tunnel
/usr/local/sf/bin/sftunnel_status.pl - Check sftunnel status
/usr/local/sf/bin/pmtool - FMC management binary (control processes, display process health, etc.)
/usr/local/sf/bin/stats_unified.pl - Check sftunnel event transfer status
/usr/local/sf/bin/manage_estreamer.pl - Manage eStreamer
/usr/local/sf/bin/manage_pruning.pl - Manage pruning (e.g. clear the event DB)
/usr/local/sf/bin/manage_HADC.pl - Manage FMC High Availability
/usr/local/sf/bin/troubleshoot_HADC.pl - Troubleshoot FMC High Availability
/usr/local/sf/bin/OmniQuery.pl - Connect to the Sybase database
/usr/local/sf/bin/ids_event_db_info.pl - Check the IDS event rate of the last hour
/usr/local/sf/bin/eo_tool - Object management tool of the FMC application. Do not edit objects if you do not know what you are doing
/usr/local/sf/bin/pigtail - Tail various log files for troubleshooting
/usr/local/sf/bin/u2dump - Dump user identity mappings into a human-readable format

Log files

/var/log/messages - Logging for various processes
/usr/local/sf/cloud_download/tmp/url_db_dl.log - Brightcloud database download log
/var/log/urldb_log - Brightcloud database download log
/var/log/iprep.log - Security Intelligence feed download status log
/var/log/smart_agent - Smart Licensing agent log
/var/log/sch.log - Call Home log
/var/log/ntp.log - NTP server connections
/var/log/process_stdout.log - STDOUT output of processes
/var/log/process_stderr.log - STDERR output of processes
/var/log/CSMAgent.log - CSM related access logs