HTTP Bug in legacy alerts?

I’m running nginx/1.8.1 + Phusion Passenger 5.0.26 on Ubuntu 14.04. We have alerts set up for a single page on the site, which include searching for a text string. I’m getting tons of false alarms which I think are caused by the way the NewRelicPinger deals with HTTP connections, though the specifics are hard to figure out.

Repeatedly, it seems as though the output of the response is truncated in exactly the same place (which is before the string that the agent looks for, which is what’s triggering the alerts). Including the headers, I’m seeing that the New Relic Agent reports that it received 2425 bytes, although I’m not sure if that’s counting all the whitespace since there’s no easy way to copy and paste cleanly without the browser’s dev tools.

In my nginx log, I see this:

50.112.95.211 - - [20/May/2016:14:17:39 -0400] "GET /status HTTP/1.0" 200 19687 "-" "NewRelicPinger/1.0 (1288921)"

which indicates that nginx successfully sent quite a bit more data than what new relic received. Is this a known issue? What’s going on here?

The New Relic Pinger response doesn’t have a Transfer-Encoding: chunked header. How did it even manage that? Setting both Connection: close and Accept-Encoding: identity was the closest I could get, but it still doesn’t omit the chunked transfer encoding. I wish you could include the headers of the request as well as the response so I could try to debug this!

Hey @liambowen, Thanks for getting in touch, I’m going to get this into a support ticket to help investigate. Watch out for my email :smiley: :e-mail: