Your agent stops reporting data when using New Relic's PHP agent on an operating system which either includes SELinux by default or has been added to the environment for security purposes.
New Relic does not influence decisions on how to configure your server security or processes you allow to run. We are not responsible for the security decisions for your software and they should be reviewed as meeting your own security policies before implementing.
The agent's PHP extension and daemon communicate by default via /tmp/.newrelic.sock (Unix socket). SELinux, if not configured to allow the extension and daemon communicate, will prevent those two agent components from communicating with each other when SELinux is set to Enforcing mode.
SELinux is a security software designed to limit the communication of processes on your environment. SELinux is a powerful tool in server security. As such, it should be implemented and configured to suit your own server environment.
To resolve this issue, there are 3 options:
- Configure SELinux to allow New Relic to communicate
With SELinux, you can configure a custom policy to allow for communication. This process, however, is outside of the scope of New Relic support and should be handled by your own security policies.
The necessary steps are available on the internet and are easily located by searching for "SELinux policy module creation."
- Set SELinux to permissive mode
This may be used as a temporary measure to verify that SELinux is responsible for data not being reported.
Setting SELinux to permissive mode allows your services to operate without restrictions. The default setting is restored if you restart the server.
To set to permissive mode, use the command:
- Disable SELinux
New Relic does not actively encourage disabling security software and configuring SELinux to allow New Relic to function fully is the optimal decision.
If you decide that disabling SELinux is the right decision for your server, use the following steps to permanently disable SELinux:
Edit the SELinux
sysconfigfile using this command:
SELINUX=setting and change it to:
Restart your server in order for the setting to take effect.