Cisco FirePOWER: eStreamer fails after upgrade to 6.2.0.4

Another case of eStreamer failure after FMC upgrade. This time after upgrade from 6.2.0.2 to 6.2.0.4 it worked for a week and after reboot ceased to send longs to Splunk.The following errors can be seen in the log.

firepower SF-IMS[8734]: [20144] Event Streamer:sfestreamer [INFO] Estreamer_Poll – Got Try Again while waiting for 65 acks (1 poll retries in the past 5 minutes)

After taking all the steps from my other post and discovering it was a bug you will have two options: either apply HotFix from TAC (only works on 6.2.0.2 so rollback was required for me) or upgrade to 6.2.2. I went with the latter option. FMC upgrade went fine and eStreamer started working as expected. Now all I’ve to do is upgrade remote sites with 1.2GB upgrade file. Time to start pre-uploading upgrade script out-of-band to all the sensors.

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar