APM security: C SDK

EOL NOTICE

From April 2022, we don't support the C SDK capability. For more details, see our Support Forum post.

Due of the nature of the C SDK, you have direct control over what data is reported to New Relic. To ensure data privacy and to limit the types of information New Relic receives, no customer data is captured except what you supply in your API calls. In addition, the C SDK reports all data to New Relic over HTTPS.

For more information about our security measures, see our security and privacy documentation, or visit the New Relic security website.

Default security settings

By default, this is how the C SDK handles the following potentially sensitive data. For more information, including code values and examples, see the C SDK documentation about data structures on GitHub.

Type of information	C SDK data security
Datastore instance name or database name	The `newrelic_datastore_segment_config_t` is a struct that configures whether a datastore's instance name and table name are captured for datastore segment instrumentation. Instance names: By default, the configuration returned by `newrelic_new_config()` enables datastore segments with `instance_reporting` set to `true`. Database names: By default, the configuration returned by `newrelic_new_config()` enables datastore segments with `database_name_reporting` set to `true`.
SQL	The `record_sql` setting in the `newrelic_transaction_tracer_config_t` controls the SQL format in transaction traces for supported SQL-like products. The default setting, `NEWRELIC_SQL_OBFUSCATED`, sets alphanumeric characters to `?`.
Audit mode	The audit log is a plain text logging of all data sent to New Relic by the C SDK. When starting the C SDK daemon, add `-auditlog <file>` to the daemon configuration file. For example: bash `$./newrelic-daemon -f -logfile stdout -loglevel debug -auditlog audit.log` Tip To see all of the available options for the C daemon: At the command line, type: bash `$./newrelic-daemon --help`

Type of information

C SDK data security

Datastore instance name or database name

The newrelic_datastore_segment_config_t is a struct that configures whether a datastore's instance name and table name are captured for datastore segment instrumentation.

Instance names: By default, the configuration returned by newrelic_new_config() enables datastore segments with instance_reporting set to true.
Database names: By default, the configuration returned by newrelic_new_config() enables datastore segments with database_name_reporting set to true.

SQL

The record_sql setting in the newrelic_transaction_tracer_config_t controls the SQL format in transaction traces for supported SQL-like products. The default setting, NEWRELIC_SQL_OBFUSCATED, sets alphanumeric characters to ?.

Audit mode

The audit log is a plain text logging of all data sent to New Relic by the C SDK. When starting the C SDK daemon, add -auditlog <file> to the daemon configuration file. For example:

bash

$./newrelic-daemon -f -logfile stdout -loglevel debug -auditlog audit.log

Tip

To see all of the available options for the C daemon: At the command line, type:

bash

$./newrelic-daemon --help

Customize security settings

If the default settings do not work for your business needs, you can customize how information is sent to New Relic by altering the newrelic_datastore_segment_config_t and the newrelic_transaction_tracer_config_t.

Caution

If you customize your configuration, it may impact the security of your application.

EOL NOTICE

Default security settings .css-21sua1{background:none;border:none;width:0;padding:0;}

Tip

Customize security settings

Caution

Default security settings