The daemon (newrelic-daemon) acts as a proxy between the PHP agent and the New Relic collector to reduce network traffic and to improve response time for instrumented applications. The daemon process starts when your system starts, and must be running for data to be sent to New Relic.
Recommended configuration
Beginning with version 3.0 of the PHP agent, the daemon can be automatically configured and started by the agent. Auto-configuration does not require the newrelic.cfg file. This is the recommended configuration.
However, there are still some cases where manually starting the daemon is useful. For more information about the startup process, see New Relic daemon startup modes.
Manual configuration
A sample daemon configuration file was created during installation. To manually configure the daemon, copy and rename newrelic.cfg.template
from /etc/newrelic/newrelic.cfg.template
to /etc/newrelic/newrelic.cfg
and edit the file. All settings are optional and most have default values.
The agent will not automatically start the daemon if it finds a newrelic.cfg
file in the /etc/newrelic/
directory.
- logfile
-
Default: [none]
Sets the name of the log file to use.
Can be set on the command line by the daemon -l option. Setting this value on the command line will override the value set in
newrelic.cfg
Although the daemon itself provides no default name for the log file, the daemon startup scripts use the -l option to set the default location and name to /var/log/newrelic/newrelic-daemon.log. - loglevel
-
Default: info
Sets the level of detail for messages sent to the log file. This field has the same possible values as the agent, which are, in increasing order of detail:
- error
- warning
- info
- debug
If you are encountering problems with the daemon, set the loglevel debug for at least long enough to reproduce the problem. A debug logfile is often necessary to debug issues with the proxy daemon.
Can be set on the command line using the daemon --loglevel option. Setting this value on the command line will override the value set in
newrelic.cfg
- ssl
-
Default: yes
This configuration setting is only available in PHP agent versions lower than 8.0. Versions 8.0 and higher will ignore this setting and always use HTTPS encryption to communicate with New Relic.
When set to
yes
, the proxy will only use a secure connection to communicate with the collector. While the setting specifies SSL, the setting refers to HTTPS encryption to the latest industry standards. The agent communicates with New Relic via HTTPS by default, and New Relic requires HTTPS for all traffic to New Relic APM and the New Relic REST API.Can be enabled or disabled on the command line by the daemon --tls option. Setting this value on the command line will override the value set in
newrelic.cfg
- ssl_ca_bundle
-
Default: ""
Sets the location of a file containing CA certificates in PEM format. When set, the certificates in this file will be used to authenticate the New Relic collector. In most cases it should not be necessary to configure a CA bundle. The New Relic PHP agent comes bundled with the necessary CA certificates.
If
ssl_ca_path
is also set (see below), the certificates in this file will be searched first, followed by the certificates contained in thessl_ca_path
directory.This setting has no effect when
ssl
is set tofalse
. - ssl_ca_path
-
Default: ""
Sets the location of a directory containing trusted CA certificates in PEM format. When set, the certificates in this directory will be used to authenticate the New Relic collector. In most cases it should not be necessary to configure a CA path. The New Relic PHP agent comes bundled with the necessary CA certificates.
If
ssl_ca_bundle
is also set (see above), it will be searched first followed by the certificates contained inssl_ca_path
.This setting has no effect when
ssl
is set tofalse
. - proxy
-
Default: [none]
Certain sites have very restrictive egress firewalls and require you to use a proxy in order to communicate with the outside world. If this applies to your site, you will need to set this value.
The value is in the form
scheme://user:password@hostname:port
.The values
scheme
,user
,password
, andport
may be omitted depending on your proxy configuration. For example, if you are using a HTTP proxy that does not require a user name and password, you could just usehostname:port
. The port defaults to 1080 for most proxies.Can be set on the command line using the daemon --proxy option. Setting this value on the command line will override the value set in
newrelic.cfg
- port
-
Default: /tmp/.newrelic.sock
Sets the socket endpoint the daemon will listen on. This endpoint allows agents to communicate with the daemon. This must be the same value as the agent's
newrelic.daemon.port
setting.This setting has two forms. If you specify an absolute path name then a UNIX domain socket (UDS) will be used. This is the preferred mechanism. However, you can also specify a standard TCP socket number from 1 to 65534.
Can be set on the command line using the daemon --port option. Setting this value on the command line will override the value set in
newrelic.cfg
- pidfile
-
Default: /tmp/newrelic.pid
Sets the name of the file in which the daemon will record its process ID (pid).
Although the daemon sets this to a default value of
/tmp/newrelic.pid
, the startup script almost always uses the --pidfile option to set it to/var/run/newrelic-daemon.pid
.Can be set on the command line using the daemon --pidfile option. Setting this value on the command line will override the value set in
newrelic.cfg
- auditlog
-
Default: [none]
This feature was introduced in version 3.4. When enabled, the agent will create an audit log, which contains all of the data sent from the daemon to New Relic. This data includes the full URL, date, time, and the uncompressed, un-encoded data for each request. This allows you to observe exactly what data is sent to New Relic in order to ensure no sensitive data is included.
The file specified can not be the same file as the daemon log, as described above. This audit log can become very large very quickly, so New Relic recommends that you do not use it for extended periods of time.
Can be set on the command line using the daemon --auditlog option. Setting this value on the command line will override the value set in
newrelic.cfg
For more help
Additional documentation resources include:
- New Relic for PHP (overview of features, compatibility, installation, and configuration)
- PHP agent (newrelic.ini) settings (configuration settings for the PHP agent)
- Per-directory INI Settings (configuration settings for Apache, php-fpm, API calls, nginx, and roll-up application names)