Expand Up @@ -5058,6 +5058,255 @@ You can set the New Relic Security agent configuration in the `security` section
New Relic Security agent interactive applications security testing (IAST) mode requires [Java agent version 8.4.0 or higher](/docs/agents/java-agent/installation/upgrade-java-agent).
</Callout>

## Skip Applications [#skip-applications]

The agent can be selectively disabled based on the startup main class or executable jar file that is extracted from the command line. This is handy in situations where the "JAVA_TOOL_OPTIONS" environment
variable is present and contains the -javaagent flag but we don't want to apply the instrumentation to all java apps in the environment - for example in a Kubernetes container.

<Callout variant="important">
The skip configuration is only supported via an environment variable because of how early in the agent lifecycle the skip configuration needs to be checked.
</Callout>

For diagnostic purposes, if the `NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS` variables is defined, the agent will print the extracted command line and parsed skip tokens to stdout:
```
New Relic Agent: Configured startup Java artifacts skip string: keytool,Main
New Relic Agent: Retrieved current startup command line / main artifact name: /Users/bob/.sdkman/candidates/java/11.0.17-amzn/bin/keytool
```

If the agent is disabled based on the defined skip variable, the following will be dumped to stdout:
```
----------
New Relic Agent is disabled by startup skip configuration.
----------
```

<CollapserGroup>
<Collapser
id="cfg-skip-configuration"
title="NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
List of strings
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
(none)
</td>
</tr>
</tbody>
</table>

A comma separated list of main classes, executable jar files or Java based tools/apps that the agent should NOT instrument. For example:
`NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS=keytool,myapp.jar,IgnoreThisClass`.
</Collapser>

<Collapser
id="cfg-security-enabled"
title="enabled"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
Boolean
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`false`
</td>
</tr>
</tbody>
</table>

Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is true, the security module will run but data will not be sent. Default is false.
</Collapser>

<Collapser
id="cfg-security-mode"
title="mode"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
String
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`IAST`
</td>
</tr>
</tbody>
</table>

New Relic Security provide mode: IAST. Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a production environment or an environment where production data is processed.
</Collapser>

<Collapser
id="cfg-security-validator-service-url"
title="validator_service_url"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
String
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`wss://csec.nr-data.net`
</td>
</tr>
</tbody>
</table>

New Relic Security’s SaaS connection URL. This is the endpoint that the security agent sends data to, it should match that environment that you have set for the APM Java agent.

US Production: wss://csec.nr-data.net
</Collapser>

<Collapser
id="cfg-security-detection-rci-enabled"
title="detection.rci.enabled"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
Boolean
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`true`
</td>
</tr>
</tbody>
</table>

Enable RCI security event detection. Default is true.
</Collapser>

<Collapser
id="cfg-security-detection-rxss-enabled"
title="detection.rxss.enabled"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
Boolean
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`true`
</td>
</tr>
</tbody>
</table>

Enable RXSS security event detection. Default is true.
</Collapser>

<Collapser
id="cfg-security-detection-deserialization-enabled"
title="detection.deserialization.enabled"
>
<table>
<tbody>
<tr>
<th>
Type
</th>

<td>
Boolean
</td>
</tr>

<tr>
<th>
Default
</th>

<td>
`true`
</td>
</tr>
</tbody>
</table>

Enable deserialization security event detection. Default is true.
</Collapser>
</CollapserGroup>

<Callout variant="important">
New Relic Security agent interactive applications security testing (IAST) mode requires [Java agent version 8.4.0 or higher](/docs/agents/java-agent/installation/upgrade-java-agent).
</Callout>


## Slow transaction Detection

The agent can now detect slow transactions via `SlowTransaction` events since Java Agent version `8.7.0`.
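Review bot: The `<CollapserGroup>` added under `## Skip Applications` carries six collapsers with `cfg-security-*` ids (`enabled`, `mode`, `validator_service_url`, `detection.rci.enabled`, `detection.rxss.enabled`, `detection.deserialization.enabled`) followed by a second copy of the IAST version callout, which reads as a paste of the `security` section that precedes this hunk rather than skip configuration. Suggest keeping only the `cfg-skip-configuration` collapser in this group and dropping the rest; if the original security collapsers are still in the file, the repeated `id` values would also make the anchors ambiguous. Two smaller points in the same hunk: "if the `NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS` variables is defined" should read "variable is defined", and the text does not say how a skip token is matched against the extracted command line (the sample shows `keytool` against a full path ending in `/bin/keytool`), which a reader needs in order to judge whether a short token such as `Main` could disable the agent for applications it was not meant to cover.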