Cisco FirePower – How To Generate a Troubleshoot File
The following explains how to generate a Troubleshoot File on Cisco FirePower FTD and FPMC. Cisco TAC also refers to this file as a TS file.
The example below is from version 7.x.
1. Navigate to System > Health > Monitor on the management appliance web interface to get to the Health Monitor page.
2. If you need management centre logs, click “Firewall Management Center” in the left menu, then click “View System & Troubleshoot Details”.

3. You will now see an option to “Generate Troubleshooting Files”. Selecting this generates the file, which you can later download via the message centre.
To download the logs from an FTD device, repeat the above steps, but on the monitoring screen select the relevant FTD node and click “Generate Troubleshooting Files”.

Once you have generated the relevant files, you can download them from the message centre. They show under “tasks” where it says “click here”; clicking that starts the download of the file to your local PC.

A Cisco Firepower Troubleshoot File, often generated when diagnosing issues, contains a comprehensive set of logs and configuration data from the Firepower system. Here’s what can typically be found in this file:
- System Logs:
  - Detailed system logs including kernel logs, syslogs, and other essential logs capturing system events and errors.
  - Logs from various services running on the Firepower device.
- Configuration Files:
  - Current device configuration details.
  - Network settings, interface configurations, and routing information.
- Database Information:
  - Metadata and statistics from internal databases used by the Firepower system.
  - Information about connections, users, and session states.
- Event Logs:
  - Security event logs capturing intrusion, malware, and other threat detections.
  - Traffic logs showing allowed, blocked, or inspected traffic.
- System Health Data:
  - CPU, memory, and disk usage statistics.
  - Information on hardware health, including fan speeds and temperature readings.
- Process and Service Status:
  - Running processes and their statuses.
  - Details of active services and their configurations.
- Crash Dumps (if any):
  - Core dumps or crash reports if the system experienced a crash or significant error.
- Audit Logs:
  - Records of administrative actions and system changes.
  - User access logs and authentication details.
- Version and Patch Information:
  - Information about the firmware version, installed patches, and software updates.
- Network Captures (if enabled):
  - Packet captures for specific interfaces or traffic patterns for deep analysis.
This comprehensive data helps Cisco support and network administrators diagnose and resolve issues efficiently by providing a deep insight into the system’s state and behaviour.

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.