Proxy daemon (newrelic.cfg) settings

The daemon (newrelic-daemon) acts as a proxy between the PHP agent and the New Relic collector to reduce network traffic and to improve response time for instrumented applications. The daemon process starts when your system starts, and must be running for data to be sent to New Relic.

Beginning with version 3.0 of the PHP agent, the daemon can be automatically configured and started by the agent. Auto-configuration does not require the newrelic.cfg file. This is the recommended configuration.

However, there are still some cases where manually starting the daemon is useful. For more information about the startup process, see New Relic daemon startup modes.

Manual configuration

A sample daemon configuration file was created during installation. To manually configure the daemon, copy and rename newrelic.cfg.template from /etc/newrelic/newrelic.cfg.template to /etc/newrelic/newrelic.cfg and edit the file. All settings are optional and most have default values.

The agent will not automatically start the daemon if it finds a newrelic.cfg file in the /etc/newrelic/ directory.

logfile
Default: [none]

Sets the name of the log file to use.

Can be set on the command line by the daemon -l option. Setting this value on the command line will override the value set in newrelic.cfg Although the daemon itself provides no default name for the log file, the daemon startup scripts use the -l option to set the default location and name to /var/log/newrelic/newrelic-daemon.log.

loglevel
Default: info

Sets the level of detail for messages sent to the log file. This field has the same possible values as the agent, which are, in increasing order of detail:

  • error
  • warning
  • info
  • debug

If you are encountering problems with the daemon, set the loglevel debug for at least long enough to reproduce the problem. A debug logfile is often necessary to debug issues with the proxy daemon.

Can be set on the command line using the daemon --loglevel option. Setting this value on the command line will override the value set in newrelic.cfg

ssl
Default: yes

This configuration setting is only available in PHP agent versions lower than 8.0. Versions 8.0 and higher will ignore this setting and always use HTTPS encryption to communicate with New Relic.

When set to yes, the proxy will only use a secure connection to communicate with the collector. While the setting specifies SSL, the setting refers to HTTPS encryption to the latest industry standards. The agent communicates with New Relic via HTTPS by default, and New Relic requires HTTPS for all traffic to New Relic APM and the New Relic REST API.

Can be enabled or disabled on the command line by the daemon --tls option. Setting this value on the command line will override the value set in newrelic.cfg

ssl_ca_bundle
Default: ""

Sets the location of a file containing CA certificates in PEM format. When set, the certificates in this file will be used to authenticate the New Relic collector. In most cases it should not be necessary to configure a CA bundle. The New Relic PHP agent comes bundled with the necessary CA certificates.

If ssl_ca_path is also set (see below), the certificates in this file will be searched first, followed by the certificates contained in the ssl_ca_path directory.

This setting has no effect when ssl is set to false.

ssl_ca_path
Default: ""

Sets the location of a directory containing trusted CA certificates in PEM format. When set, the certificates in this directory will be used to authenticate the New Relic collector. In most cases it should not be necessary to configure a CA path. The New Relic PHP agent comes bundled with the necessary CA certificates.

If ssl_ca_bundle is also set (see above), it will be searched first followed by the certificates contained in ssl_ca_path.

This setting has no effect when ssl is set to false.

proxy
Default: [none]

Certain sites have very restrictive egress firewalls and require you to use a proxy in order to communicate with the outside world. If this applies to your site, you will need to set this value.

The value is in the form scheme://user:password@hostname:port.

The values scheme, user, password, and port may be omitted depending on your proxy configuration. For example, if you are using a HTTP proxy that does not require a user name and password, you could just use hostname:port. The port defaults to 1080 for most proxies.

Can be set on the command line using the daemon --proxy option. Setting this value on the command line will override the value set in newrelic.cfg

address (alias for port)
Default: /tmp/.newrelic.sock

Sets the socket endpoint the daemon will listen on. This endpoint allows agents to communicate with the daemon. This must be the same value as the agent's newrelic.daemon.address setting. This can be specified in these ways:

  • Recommended. To use a specified file as a UNIX domain socket (UDS), provide an absolute path name as a string.
  • To use a standard TCP port, specify a number in the range 1 to 65534.
  • To use an abstract socket, use the value @newrelic-daemon (available for agent version 5.2.0.141 or higher).
  • To enable connections from applications that are running on different hosts (helpful for container environments), set this value to host:port, where host denotes the host name or IP address of the local host, and port denotes a valid port number. Both IPv4 and IPv6 are supported. This is available for PHP agent version 9.2.0.247 or higher.

These options may also be set via the command line using the daemon --address option. Setting this value on the command line will override the value set in newrelic.cfg.

pidfile
Default: /tmp/newrelic.pid

Sets the name of the file in which the daemon will record its process ID (pid).

Although the daemon sets this to a default value of /tmp/newrelic.pid, the startup script almost always uses the --pidfile option to set it to /var/run/newrelic-daemon.pid.

Can be set on the command line using the daemon --pidfile option. Setting this value on the command line will override the value set in newrelic.cfg

auditlog
Default: [none]

This feature was introduced in version 3.4. When enabled, the agent will create an audit log, which contains all of the data sent from the daemon to New Relic. This data includes the full URL, date, time, and the uncompressed, un-encoded data for each request. This allows you to observe exactly what data is sent to New Relic in order to ensure no sensitive data is included.

The file specified can not be the same file as the daemon log, as described above. This audit log can become very large very quickly, so New Relic recommends that you do not use it for extended periods of time.

Can be set on the command line using the daemon --auditlog option. Setting this value on the command line will override the value set in newrelic.cfg

For more help

Recommendations for learning more: