Symptom
The Secure Firewall Threat Defense (FTD) upgrade or readiness check may fail with the /bin/rm: Argument list too long and Fatal error: Failed to remove snort stat files older than 70 days. error messages.
# cd /var/log/sf/Cisco_FTD_SSP_Upgrade-7.0.5/upgrade_readiness/000_start
# cat 410_check_disk_space.sh.log
**********************************************************
[230103 14:30:40:045] Starting script: 000_start/410_check_disk_space.sh
Entering 000_start/410_check_disk_space.sh...
./functions.install: line 1473: /bin/rm: Argument list too long <----
[230103 14:30:41:020] Failed to remove snort stat files older than 70 days..rm return code=126 <----
Fatal error: Failed to remove snort stat files older than 70 days.
Fatal error: Failed to remove snort stat files older than 70 days.
The failure is caused by the long argument list passed to the rm command.
Conditions
- Large number of snort pcap and stats files:
PCAP files are located in /ngfw/var/tmp/ and have file names match the regex snort-pcap-*.
Stats files are in /ngfw/var/sf/detection_engines and file names match the regex *[0-9][0-9]-[0-9][0-9]. This is the example of matching files:
admin@fpr1:/$ cd /ngfw/var/sf/detection_engines/a42923a8-21ec-11ed-8d45-3161a7558f9e/instance-1
admin@fpr1:/ngfw/var/sf/detection_engines/a42923a8-21ec-11ed-8d45-3161a7558f9e/instance-1$ pwd
/ngfw/var/sf/detection_engines/a42923a8-21ec-11ed-8d45-3161a7558f9e/instance-1
...
rna-2021-12-13
rna-2021-12-14
rna-2021-12-15
rna-2021-12-16
rna-2021-12-17
rna-2021-12-18
rna-2021-12-19
...
Further Problem Description
As part of the readiness check and upgrade, to free disk space, the system deletes old PCAP and snort stats files.
It is an expected behavior. This symptoms of this defects are observed when the deletion fails due to large number of files.
