Runtime Monitoring issues
This section lists the errors that you may experience when setting up or using Runtime Monitoring.
Runtime coverage issues
When the runtime coverage of your protected resources become Unhealthy, the GuardDuty console provides the exact issue type. After you have the issue type, use the following documents to view the troubleshooting steps for each supported resource type:
Troubleshooting out of memory error in Runtime Monitoring (Amazon EC2 support only)
This section provides the troubleshooting steps when you experience out of memory error based on the CPU and memory limit to deploy the GuardDuty security agent manually.
If systemd terminates the GuardDuty agent because of the
out-of-memory issue and you evaluate that providing more memory to the GuardDuty agent
is reasonable, you can update the limit.
-
With the root permission, open
/lib/systemd/system/amazon-guardduty-agent.service. -
Find
MemoryLimitandMemoryMax, and update both the values.MemoryLimit=256MB MemoryMax=256MB -
After updating the values, restart the GuardDuty agent by using the following command:
sudo systemctl daemon-reload sudo systemctl restart amazon-guardduty-agent -
Run the following command to view the status:
sudo systemctl status amazon-guardduty-agentThe expected output will show the new memory limit:
Main PID: 2540 (amazon-guardduty) Tasks: 16 Memory: 21.9M (limit: 256.0M)
My AWS Step Functions workflow is failing unexpectedly
If the GuardDuty container contributed to the workflow failure, see Troubleshooting Amazon ECS-Fargate runtime coverage issues. If the issue persists, then to prevent the workflow failure because of the GuardDuty container, perform one of the following steps:
-
Add the
GuardDutyManaged:falsetag to associated Amazon ECS cluster. -
Disable the automated agent configuration for AWS Fargate (ECS only) at the account level. Add the inclusion tag
GuardDutyManaged:trueto the associated Amazon ECS cluster that you want to continue monitoring with the GuardDuty automated agent.
