Configuring Servers for Linux

After you install Servers for Linux or SmartOS, use these configuration settings as appropriate.

Configuration file

The Servers configuration file is located at /etc/newrelic/nrsysmond.cfg. If you change any settings, you must restart the daemon before the changes will take effect.

Configuration settings

Here is a summary of Servers for Linux or SmartOS configuration settings.

license_key (required)
Default [none]

A valid 40-character license key is required in order for Servers for Linux to start. To view your license key: From the New Relic menu bar, select (account) > Account settings.

collector_host
Default collector.newrelic.com

Sets the hostname of the New Relic collector.

Caution: Do not change this setting unless New Relic Support advises you to do so. The format is host[:port]. A port number of 0 implies port 80 without SSL enabled, and port 443 with SSL enabled.

hostname
Default OS-level hostname

Sets the hostname of the server as it appears in New Relic. The server agent does not support spaces, and special characters besides hyphens -, underscores _, and periods . are discouraged. The name is restricted to 64 characters. For more information, see Changing the Linux server name.

ignore_reclaimable
Default false

When set to the default of false, the agent treats reclaimable memory as in-use. If set to true, the agent reports reclaimable memory as free.

labels
Default ""

A dictionary of label names and values for categories that will be applied to the data sent from this agent. This may also be expressed as a semicolon delimited string of colon-separated pairs. For example: labels=Server:One;Data Center:Primary;.

loglevel
Default error

Sets the level of detail for messages sent to the log file:

  • error
  • warning
  • info
  • verbose
  • debug
  • verbosedebug

If you encounter problems with Serves for Linux, set the loglevel to verbosedebug long enough to reproduce the problem and debug issues. You can set this from the command line by using the daemon -d option. Setting this value on the command line will override the value set in nrsysmond.cfg.

Caution: Detailed loglevel settings such as verbosedebug can generate a lot of information very quickly. Do not keep the daemon running at this level for longer than it takes to reproduce the problem.

logfile
Default [none]

Sets the name of the log file to use. You can set this from the command line by using the daemon -l option. Setting this value on the command line will override the value set in nrsysmond.cfg. Although Servers for Linux does not specify a default name for the log file, the daemon startup scripts use the -l option to set the default location and the name to /var/log/newrelic/nrsysmond.log.

pidfile
Default /tmp/nrsysmond.pid

Sets the name of the file the daemon uses to record its process ID (pid). You can set this from the command line by using the daemon -p option. Setting this value on the command line will override the value set in nrsysmond.cfg.

Although the daemon sets this to a default value of /tmp/nrsysmond.pid, the startup script almost always uses the -p option to set it to /var/run/newrelic/nrsysmond.pid.

proxy
Default [none]

Certain sites have very restrictive egress firewalls and require you to use a proxy in order to communicate with the outside world. If this applies to your site, you will need to set this value in the form user:password@hostname:port.

Several portions of this value are optional, depending on your proxy configuration.

  • If your proxy does not require a user name and password, use hostname:port.
  • If your proxy is using the default port for that proxy, the port is optional. For most proxies the default is 1080.
  • The default proxy is http. Other proxies should be specified, For example, if the proxy is socks/socks5h, specify it before the hostname: socks5h://hostname:port
ssl
Default yes

When set to yes, the proxy will only use a secure connection to communicate with the collector.

ssl_ca_bundle
Default [none]

Sets the location of a file containing CA certificates in PEM format. When set, the certificates in this file will be used to authenticate the New Relic collector servers. Use a comma-separated list of path names to bundle files. You can set this from the command line by using the daemon -b option. Setting this value on the command line will override the value set in nrsysmond.cfg.

In most cases it should not be necessary to configure a CA bundle. Servers for Linux includes the necessary CA certificates.

If ssl_ca_path also is set, the certificates in this file will be searched first, followed by the certificates contained in the ssl_ca_path directory.

This setting has no effect when ssl is set to false.

ssl_ca_path
Default [none]

Sets the location of a directory containing trusted CA certificates in PEM format. When set, the certificates in this directory will be used to authenticate the New Relic collector servers. You can set this from the command line by using the daemon -S option. Setting this value on the command line will override the value set in nrsysmond.cfg.

In most cases it should not be necessary to configure a CA path. Servers for Linux includes the necessary CA certificates.

If ssl_ca_bundle also is set, it will be searched first, followed by the certificates contained in ssl_ca_path.

This setting has no effect when ssl is set to false.

timeout
Default 30

The number of seconds Servers for Linux waits before its first attempt to contact New Relic. If the connection cannot be established in this period of time, Servers for Linux will progressively back off in 15 second increments to a maximum of 300 seconds (5 minutes).

If a timeout occurs after the initial connection, Servers for Linux always tries to reconnect every 60 seconds. The timeout value does not affect this wait time.

disable_nfs
Default false

By default, Servers for Linux will include NFS filesystems for disk monitoring. Set this flag to true if you do not wish to monitor NFS filesystems.

This option may be useful if you encounter stale filehandles on your networked file system, or have tightly access-controlled systems (rpcinfo calls not allowed between client and server). Either of these can cause the agent to pause and fail to collect data and would benefit from a true setting.

disable_docker
Default false

By default, Servers for Linux will attempt to communicate to Docker for monitoring. Set this flag to true if you do not wish to monitor Docker. If you do not run Docker you can set this to true to never run the Docker sampler, although leaving this enabled has almost no cost.

docker_connection
Default /var/run/docker.sock

This is a string value that instructs LSM how to connect to the local host's Docker API service.

If no value is set, the default is used (/var/run/docker.sock) if it exists and is writable. If no value is set and the default socket does not exist, is not writable, or otherwise fails, the system will use the value of the environment variable DOCKER_HOST.

Valid values are:

  • [NONE] (will use the default)
  • uds:///path/to/socket
  • unix:///path/to/socket
  • /path/to/socket

These three forms are all equivalent and are used to point to a UNIX-domain socket (UDS). The socket path must be absolute and the socket must be writeable.

Example sockets:

The hostname must be localhost or 127.0.0.1. The default port is 2376.

Use an unencrypted connection to localhost for tcp or http. Use an encrypted connection for https. In order to use TLS authentication you may need to set the various key and certificate options below.

You may need to add the user that LSM runs as to the docker group. For example: usermod -a -G docker newrelic. Please see the Docker web site for details and security implications.

docker_cert_path
Default $HOME/.docker

Set the default location to look for the certificate, key and CA certificate for using TLS. If no value is set and the directory $HOME/.docker exists, that is used as the default value.

LSM will look in this directory for the cert.pem, key.pem and cacert.pem, and use them if present.

In this is not set, the environment variable $DOCKER_CERT_PATH will be used as the default value.

docker_cert
Default cert.pem

Set the name of the certificate file to use for TLS to connect to the Docker API.

If this is not an absolute path it is searched for in the directory determined by docker_cert_path above. If no value is provided, the default file is cert.pem.

This file is only required if you are using a self-signed certificate for TLS authentication. If your host uses a key that was generated against a publicly signed CA certificate, you should not need to set any of docker_cert, docker_ke, or docker_cacert.

docker_key
Default key.pem

Set the name of the key file to use for TLS to connect to the Docker API.

If this is not an absolute path it is searched for in the directory determined by docker_cert_path above. If no value is provided, the default file is key.pem.

This file is only required if you are using a self-signed certificate for TLS authentication. If your host uses a key that was generated against a publicly signed CA certificate, you should not need to set any of docker_cert, docker_ke, or docker_cacert..

docker_cacert
Default cacert.pem

Set the name of the CA certificate file to use for TLS to connect to the Docker API.

If this is not an absolute path it is searched for in the directory determined by docker_cert_path above. If no value is provided, the default file is cacert.pem.

This file is only required if you are using a self-signed certificate for TLS authentication. If your host uses a key that was generated against a publicly signed CA certificate, you should not need to set any of docker_cert, docker_ke, or docker_cacert..

Firewall configuration

Servers for Linux requires your firewall to allow an outgoing connection to New Relic's networks on TCP port 80. To configure the agent for SSL, use port 443. To test the outgoing connection and incoming response, use curl or wget.

Using curl:

curl -v http://collector.newrelic.com/status/mongrel
[or]
curl -v https://collector.newrelic.com/status/mongrel  // if SSL

Using wget:

wget -O- http://collector.newrelic.com/status/mongrel
[or]
wget -O- https://collector.newrelic.com/status/mongrel  // if SSL

For more help

Additional documentation resources include:

Discuss New Relic Servers in the New Relic Community Forum! Troubleshoot and ask questions, or discuss Servers for Linux or Servers for Windows in detail.

If you need additional help, get support at support.newrelic.com.