This page is an overview of F5® BIG-IP® AFM™ daemons. For information about other versions, refer to the following pages:
- F5 BIG-IP Daemons (13.x)
- F5 BIG-IP Daemons (12.x)
- F5 BIG-IP Daemons (11.x)
- F5 BIG-IP Daemons (9.x – 10.x)
For information about daemons from other modules, refer to the following pages.
When the BIG-IP system is licensed with the BIG-IP AFM, a separate set of processes are initiated in addition to the standard set of BIG-IP processes. The following table lists the core BIG-IP AFM services and indicates the impact to the BIG-IP AFM system operation if the service is not running:
Overview of F5 BIG-IP AFM daemons | |||
---|---|---|---|
Daemon | Description | Impact if not running | Relevant log files |
autodiscd | BIG-IP 15.0.0 and later. Automatically discover and detect individual servers and services on a subnet. You can promote these auto-discovered services to protect objects or virtual servers. It is part of the BIG-IP AFM system. | Automatic discovery of services does not function. | /var/log/ltm |
avrd | Reporting/charts; The AVR daemon is used by BIG-IP AFM in conjunction with monpd with no additional provisioning. | No reporting charts displayed. | /var/log/avr/avrd.log |
dwbld | The dynamic white/black daemon (dwbld) is a Control Plane daemon which supports the BIG-IP AFM IP intelligence feature. | Enforcement of dwbl will not occur. | /var/log/dwbl/dwbld.log |
pccd | The pccd is the Packet Correlation Classification Daemon. This daemon detects firewall configuration changes, re-compiles the new configuration, and serializes for TMM to enforce. | Unable to detect and compile firewall configuration changes. Hence the changes made to firewall configuration are not enforced by TMM.
Note: The firewall configuration that was successfully serialized for TMM before pccd is down continues to be enforced even if pccd is down at that instance. |
/var/log/ltm /var/log/ts/bd.log |
pgadmind | Starts up PostgreSQL server process and monitors it. | If the Inline Rule Editor is enabled, and the PostgreSQL server process is not running due to the pgadmind daemon being stopped, firewall rules cannot be viewed or edited either using the Inline Rule Editor page or the default firewall rule editor UI. | /var/log/ltm |
mgmt_acld | mgmt_acld is primarily responsible for maintaining statistics, logging, and reporting of Management Port AFM Rules. In addition, it also periodically updates the statistics counters for Management Port Rules. | Counters, logging, and reporting for Management Port Rules will not work as expected. | /var/log/ltm |
monpd | Reporting/charts used in conjunction with the avrd process. | No reporting charts are displayed. | /var/log/avr/monpd.log |
mysqld | The mysqld process is the database server storing data for Reporting/charts and Event Logs reports. | No reporting charts or Event Logs reports are displayed. | /var/lib/mysql/mysqld.err |
fslogd logmysqld |
These two daemons populate the event logs generated by TMM and other related daemons into the MySQL database. | Events from TMM and other related daemons will not be logged into MySQL database. | None |
sshplugin | The sshplugin daemon is used by BIG-IP AFM which allows to perform protocol-specific limitations on “who” can do “what” on specific SSH connections to “where”. | No capability to determine protocol-specific limitations by the specific SSH connections. | /var/log/sshplugin |
Restarting BIG-IP AFM processes
If a BIG-IP AFM daemon is not running or needs restart, F5 recommends that you restart all of the BIG-IP AFM daemons in the proper order. To do so, type the following command:
tmsh restart /sys service pccd