Ruby agent audit log

For security auditing purposes, the Ruby agent records all data sent to the New Relic collector to a log file in a human readable format. This feature is available starting with Ruby agent version 3.5.5.

Configure the audit log

Enable this feature only if you need detailed information on what is being transmitted for debugging or auditing purposes. Enabling this feature for an extended period of time may overload the audit log file.

The audit log is disabled by default, and it must be enabled manually. To enable, add the following to your newrelic.yml file: audit_log.enabled: true.

By default, the New Relic Ruby agent writes the audit log to a file next to the main New Relic agent log at log/newrelic_audit.log. To control the location of the audit log file, set the audit_log.path configuration parameter to the full path where you want the audit log.

Audit log content

The audit log file does not need special tools in order to be read. It contains two lines for each request that the New Relic agent makes to the New Relic collector:

  • The first line lists the host and URI path that the request was made against.
  • The second line includes the full request body contents in a human-readable format.

Request bodies in the audit log do not represent the exact byte-sequences sent to the New Relic collector, as they may have several layers of encoding applied before transmission to the New Relic collector. However, when they are dumped to the audit log, no other information is added to outgoing requests.

To capture the raw request bodies in their encoded form, use a packet-capture tool such as tcpdump.

Request body format

The format of the request body depends on the communication format used by the agent:

  • Newer Ruby versions use JSON for data serialization, so the audit log will contain JSON representations of request bodies.
  • Older Ruby versions use Ruby's native Marshal format to serialize request bodies. Because this is an opaque format, the audit log contains the result of calling Object#inspect. This produces a human-readable representation of the request object graph immediately before serialization.

For more help

Join the discussion about Ruby in the New Relic Online Technical Community! The Technical Community is a public platform to discuss and troubleshoot your New Relic toolset.

If you need additional help, get support at support.newrelic.com.