09-28-2022 05:09 AM
Hello,
We are experiencing severe delays while at the same time, we are observing high cpu on server.
On the amp logs, we see the following:
ampdaemon[221] [scan]:[error]-[scan_cloud.137]:[122584022532]: the cloud query failed to be sent after reaching the maximum cloud requeue limit or a general error occurred: 0x670
Anyone experiencing the same? Any ideas?
09-28-2022 11:32 AM
High CPU is one issue and this log might be another issue. Besides opening TAC case there is few things that you can check on your own. Based on your log output assuming this is Linux server.
#1: I will make sure that you are on supported version, not only form AMP perspective, but also based on your OS/Kernel version
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215163-amp-for-endpoints-linux-connector-os-com.html
#2: Verify the installation process, pay good attention to the GPG section as that is very important for proper connector functionality
#3: Gather diagnostic logs , this will be need it if you open TAC case to help you resolve this issue.
however if you know where to look you can verify outputs in the diagnostic bundle from
The two files are helpful to determine top talkers and craft exclusion if need it.
Here is article on how to analyze MacOS Diagnostic Bundle which is very similar to Linux one.
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215570-analize-macos-amp-diagnostic-bundle-for.html
#4: As a last resort I would also try completely remove AMP download fresh new copy from AMP portal and install the client again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide