This article applies to BIG-IP 9.x through 10.x. For information about other versions, refer to the following article:
Note: For information about BIG-IP daemons, refer to the following articles:
When the BIG-IP system is licensed with BIG-IP ASM, a separate set of processes is initiated, in addition to the standard set of BIG-IP processes. The following table lists the core BIG-IP ASM services, and indicates the impact to the BIG-IP ASM system operation if the service is not running:
| F5 BIG-IP ASM daemons (9.x – 10.x) | |||
|---|---|---|---|
| Daemon | Description | Impact if not running | Relevant log files |
| bd | The bd process implements the BIG-IP ASM security policy on the HTTP requests it receives from TMM. | No traffic passes for ASM enabled virtual servers | /ts/log/bd.log |
| bd_agent | The bd_agent process delivers policy configuration data to the bd process, and forwards bd event information to the rest of the system. | No enforcer configuration updates, no statistics (not including forensics) | /var/log/asm, /ts/log/bd_agent.log |
| dcc | The dcc process forwards policy updates to bd through the bd_agent, and handles bd events received from the bd_agent.
The dcc process also contains the tsconfd thread, which subscribes to mcpd messages that process the resultant BIG-IP ASM configuration updates. |
No enforcer configuration updates, and no statistics (not including forensics) | var/log/asm, /ts/log/dcc.log |
| verify_dcc | The verify_dcc process is a watchdog process that monitors the dcc process, and reports any failures to the recovery_mngr.pl process, which handles restarting the dcc process.
Note: Removed in version 10.1.0 and merged into the nwd daemon. |
No monitoring of dcc | /ts/log/verify_dcc.log, /var/log/asm |
| mysqld | The mysqld process contains the security policy, and policy builder log data. | No traffic is passed through the BIG-IP ASM | 9.x: /var/lib/mysqld.err
10.x: /var/lib/mysql/mysqld.err |
| verify_mysql | The verify_mysql process is a watchdog process that monitors the mysqld db server, restarts it if needed, and reports any failures to the recovery_mngr.pl process.
Note: Removed in version 10.1.0 and merged into the nwd daemon. |
No mysql monitoring | /ts/log/verify_mysql.log, /var/log/asm |
| clean_db | The clean_db process monitors BIG-IP ASM db tables and prevents them from exceeding predefined limits. | Old database records are not deleted and may fill the disk | /ts/log/clean_db.log, /var/log/asm |
| log_manager | The log_manager process runs BIG-IP ASM-specific log file tasks, such as preparing the bad_msg.merge.log file for the learning process, archiving BIG-IP ASM log files (in /ts/log), and generating USER_ACTIVITY events from the db tables.
Note: version 10.2.2 and earlier only |
BIG-IP ASM debug logs (non syslog) will not be rotated to tar archives | /var/log/asm, /ts/log/log_manager.log |
| recovery_manager | The recovery_manager process starts the BIG-IP ASM daemons in their proper order, restarts daemons when watchdogs report failures, and configures db replication. | The BIG-IP ASM system will continually restart | /var/log/asm, /ts/log/recovery_mngr.log |
| crawler_manager | The crawler_manager process starts and stops the policy builder.
Note: version 10.1.0 and earlier only |
No control of policy builder actions | /ts/log/crawler_manager.log, /var/log/asm |
| learning_manager | The learning_manager process populates the learning tables that are used for building security policies.
The process is also used for forensics purposes. |
No learning suggestions | /ts/log/learning_manager.log, /var/log/asm |
| attack_manager | The attack_manager process populates the Attacks reports db tables, which are based on security events.
Note: version 10.0.1 and earlier only |
No attack statistics | /ts/log/attack_manager.log, /var/log/asm |
| nwd | The nwd process is a watchdog process that monitors the other BIG-IP ASM daemons, and attempts to restart the daemons if they fail. The nwd daemon reports daemons that fail to restart to the recovery_mngr.pl process. | BIG-IP ASM daemons are not brought up on failure | /ts/log/nwd.log, /var/log/asm |
| asmcsd | The asmcsd process maintains the state of the BIG-IP ASM configuration and triggers failover action if necessary. The asmcsd process spawns the asm_config_server, asm_config_rpc_handler, and asm_config_rpc_handler_async processes to perform these functions. The asmcsd process was introduced in BIG-IP ASM version 10.x. |
No failover action on configuration failure | /var/log/asm, /ts/log/asmcsd.log |
| pabnagd | The pabnagd process is responsible for automated policy building operations. | No automated policy building operations are performed. | /var/log/ts/pabnagd.log |
Restarting BIG-IP ASM processes
If any one of the ASM daemons are not running or need to be restarted, F5 recommends that you use the following command:
bigstart restart asm
The above command restarts all of the ASM daemons in the proper order.
