I'm trying to figure out why I can't see any in formation on my processes in New Relic for my server running ASL. Is there a way to whitelist the nrsysmond (new relic) process in ASL so I can still use their reporting?
I'm not sure whether traffic to New Relic is being blocked or whether is is the process itself being blocked.
Any insight?
New Relic
-
- Long Time Forum Regular
- Posts: 2813
- Joined: Sat Aug 20, 2005 9:30 am
- Location: The Netherlands
Re: New Relic
As which user is nrsysmond running? The ASL kernel only lets a process see processes owned by the same owner (except for root, which is almighty).
Lemonbit Internet Dedicated Server Management
Re: New Relic
Ahh that makes sense. It is running as user "newrelic". So then this would need to run as either "tortix" or "root" basically for the process reporting to work correctly?breun wrote:As which user is nrsysmond running? The ASL kernel only lets a process see processes owned by the same owner (except for root, which is almighty).
-
- Long Time Forum Regular
- Posts: 2813
- Joined: Sat Aug 20, 2005 9:30 am
- Location: The Netherlands
Re: New Relic
If you want the process to be able to 'see' all processes you'd have to run it as root when running the ASL kernel. Of course you'd have to trust the nrsysmond process to not do anything naughty when running as root.
Lemonbit Internet Dedicated Server Management
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: New Relic
Theres a special group that bypasses this. If you add a user to gid 1001, that will allow the user to see all the processes, and any restricted elements in /proc.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: New Relic
Nice thanks!mikeshinn wrote:Theres a special group that bypasses this. If you add a user to gid 1001, that will allow the user to see all the processes, and any restricted elements in /proc.
I ran:
# usermod -a -G procread newrelic
And now I have everything. Thanks I figured it was straightforward.
Re: New Relic
Yes !!! Thank you. Worked for me on CentOS 6.5. I also needed to restart newrelic-sysmond:
Code: Select all
/etc/init.d/newrelic-sysmond restart