Attempt to Upgrade Firepower Devices Results in Failure "006_check_snort.sh"

Available Languages

Download Options

  • PDF     (151.5 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (157.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (126.8 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 20, 2020
Document ID:215211

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes a specific upgrade failure scenario seen on Firepower Threat Defense (FTD) when the upgrade procedure is not properly followed. It also covers the proposed solution.

    Problem

    An attempt to perform an upgrade results in the Update Install failed error as shown in this screenshot:

    Analysis

    In the FTD Troubleshoot file, under this path ('x' characters will vary), there is a file named status.log. The file contains the transcript of the upgrade:
    results-xx-xx-xxxx--xxxxxx\dir-archives\var-log\sf\Cisco_FTD_SSP_Upgrade-6.x.x

    state:running
ui:Upgrade has begun.
ui:[ 0%] Running script 000_start/000_check_update.sh...
ui:[ 1%] Running script 000_start/100_start_messages.sh...
ui:[ 3%] Running script 000_start/105_check_model_number.sh...
ui:[ 4%] Running script 000_start/106_check_HA_sync.pl...
ui:[ 5%] Running script 000_start/107_version_check.sh...
ui:[ 7%] Running script 000_start/109_check_HA_MDC_status.pl...
ui:[10%] Running script 000_start/125_verify_bundle.sh...
ui:[12%] Running script 000_start/400_run_troubleshoot.sh...
ui:[13%] Running script 200_pre/001_check_reg.pl...
ui:[14%] Running script 200_pre/002_check_mounts.sh...
ui:[14%] Running script 200_pre/003_check_health.sh...
ui:[15%] Running script 200_pre/006_check_snort.sh...
ui:[15%] Fatal error: Error running script 200_pre/006_check_snort.sh    <-- the problem

    Additionally, under this path there is a file named 006_check_snort.sh.log  which further describes the reason for the failure:
    results-xx-xx-xxxx--xxxxxx\dir-archives\var-log\sf\Cisco_FTD_SSP_Upgrade-6.x.x\200_pre

    In this case, the file contains these messages:

    Entering 200_pre/006_check_snort.sh...
Snort build is too old. 
Please apply AC Policy from FMC before attempting upgrade.

    There are a few reasons why this error can occur:

    • Your Firepower Management Center was updated; however, the sensor which attempts to upgrade has not had a new policy deployment pushed out towards it.
    • Your Firepower Management Center has updated its Snort Rule Update (SRU); however, the sensor which attempts to upgrade has not had a new policy deployment pushed out towards it

    In either situation the resolution is the same.

    Solution

    Once you have verified that the device encounters this issue, simply deploy a policy to the affected device in order to resolve the error. From Firepower Management Center, check the box next to the device to be upgraded and click Deploy.

    Once this is performed, proceed with your upgrade.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    24-Jan-2020
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Jeff Jackson
      Cisco TAC Engineer
    • Jay Johnston
      Cisco TAC Engineer
    • Magnus Mortensen
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products