Depending on how it was compiled, the GRS or GRSecurity kernel can restrict file access to certain users. This can potentially prevent the sd-agent user from opening certain files required to gather metrics - Specifically Network, Disk IO and Top Process/Process Count metrics. Due to the nature of custom kernels we cannot offer a universal guide, however we've put together the following which might help.
Reading from /proc/*
Certain metrics require the ability to read from /proc/*. If the kernel was compiled with
CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y
then the sd-agent will be unable to read /proc/* to gather certain metrics unless the sd-agent is run as the root user - This is not recommended.
However, if the kernel was compiled with
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=1001
Then you can add the sd-agent to group 1001 to allow access to read /proc/*.
groupadd -g 1001 grs
usermod -a -G grs sd-agent
Once you restart the agent you will begin to see metrics for Network and Disk IO. For Top Process & Process Count you will see an increase in metrics data collected.
Finding your compile options
In some environments you can find your GRS kernel options using the following command:
grep 'CONFIG_GRKERNSEC_*' /boot/config-$(uname -r)
Comments