NewRelic not listing all processes on server monitoring

Question

I have set up a server monitoring on New Relic and on the processes list, only nrsysmond (the deamon reporting data to NewRelic) is listed and no other processes (like apache, postgresql, etc.). After many search, I only found a turnaround for Cloud Linux but I'm on a dedicated server, running Debian 7, so it does not work.

I tried to raise newrelic user privilege by assigning it to adm group (event root with some hope) but it does not change anything.

I also tried to add hidepid=0,gid=adm flags on the proc line on /etc/fstab but the result is also the same.

Do you have any idea on how to fix this ?

Answer 1

You can add newrelic user to "procread" group:

usermod -a -G procread newrelic

Answer 2

After posting on the New Relic forum, it appears that it was due to grsecurity.

Indeed, this security patch for Linux kernel was present on my server and one of its feature is hiding processes that do not belong to the user checking it. As the new relic daemon is monitoring processes as a UNIX user (newrelic in this situation), it is concerned by this restriction and so he can only see it own processes.

To check if grsecurity is applied to your kernel, type uname -a a have a look a the result. For me it contains 3.14.32-xxxx-grs-ipv6-64 (which is my Linux kernel), and grs in it stands for grsecurity.

I tried to find a way to edit its configuration to disable only this feature, but it seems that I should have to recompile my kernel (not really sure about this, feel free to leave a comment if you have more information !).

So I replaced my kernel with the same version, but without grsecurity patch applied to it, and now it works like a charm.