Topic
This article applies to BIG-IP 13.x. For information about other versions, refer to the following articles:
- K67197865: BIG-IP daemons (14.x)
- K89999342: BIG-IP daemons (12.x)
- K13444: BIG-IP daemons (11.x)
- K8035: BIG-IP daemons (9.x – 10.x)
The BIG-IP system daemons perform a variety of functions, such as managing load-balanced traffic, configuring and controlling the switch chips, monitoring the health and performance of pool members, and performing high availability (HA) failover actions.
Description
The following table lists a description for the BIG-IP daemons, the impact to the BIG-IP system operation if the daemon is not running, and any relevant log files:
| Daemon | Description | Impact if not running | Relevant log files |
|---|---|---|---|
| alertd | The alert daemon monitors system error messages and triggers proper actions, such as sending snmptrap and displaying messages on the panel. | No alerts | /var/log/ltm |
| apm_websso | The apm_websso daemon provides support for static credential-based authentication for forward proxy chaining. | The forward proxy chaining feature does not function for BIG-IP APM. | /var/log/daemon.log /var/log/apm |
| autodosd | The autodosd daemon is a control plane process which supports the BIG-IP AFM DoS Auto Threshold feature. | Thresholds for denial of service (DoS) alert and rate limit are no longer set automatically. | /var/log/ltm |
| avrd | The avrd process collects, aggregates, and publishes application performance data for the BIG-IP Analytics module. | The Analytics module does not collect, aggregate, and publish application performance data | /var/log/avr/avrd.log |
| bcm56xxd | The switch daemon configures and controls the Broadcom 56xx switch chips. | No switch traffic, LEDs not functional, STP and LACP not functional | /var/log/ltm /var/log/bcm56xxd |
| bdosd | The Behavioral DoS daemon (bdosd) is a control plane process that supports the BIG-IP AFM DoS Dynamic Signatures feature. | No automatic generation of signatures for DoS attack detection and mitigation. | /var/log/bdosd |
| bigd | The bigd monitor daemon provides system health checks. | Monitoring not available | /var/log/ltm |
| big3d | The big3d process is used by BIG-IP GTM and Enterprise Manager to collect statistics from remotely managed BIG-IP LTM devices. This process is also used by BIG-IP GTM for auto-discovery of objects. | No statistics collection or auto-discovery of objectsAdditionally, BIG-IP DNS GSLB monitoring may be affected. | /var/log/em /var/log/gtm/ |
| cbrd | The XML content based routing daemon provides document parsing functionality for the XML profile. | Virtual servers cannot parse XML documents | /var/log/cbr/cbrd.log /var/log/ltm |
| cand | The cand process manages the CAN buses for multiple clients (over UDP/SLIP/PPP). It manages utility communication between all cards in the VIPRION chassis, fan trays, and the Annunciator panel. | Loss of function and communication between devices in the CAN bus | /var/log/ltm |
| chmand | The chassis manager daemon implements the following HAL capabilities: platform identification, synchronization with SCCP/AOM, device discovery, chassis sensor monitoring, and chassis configuration (management & serial interfaces). | Cannot perform platform ID, enumerate interfaces, and push/publish platform info to MCPD | /var/log/ltm |
| clusterd | The clusterd process manages blade clustering for VIPRION systems. | Blade clustering does not function | /var/log/ltm |
| crond | The cron daemon executes scheduled commands and scripts. | Cannot execute scheduled commands | /var/log/cron /var/log/daemon.log |
| csyncd | For all platforms, the csyncd process populates the software image table. In addition, on VIPRION systems, the csyncd process replicates portions of the file system between cluster members. | For all platforms, the software image table is not updated and users cannot view or manage the latest software image list using the Configuration utility. In addition, on VIPRION systems, no synchronization amongst cluster members | /var/log/ltm |
| DBDaemon | DBDaemon is a multi-threaded long-running java process which is used by bigd to perform SQL monitoring. | SQL monitoring does not function. | /var/log/DBDaemon-[0-9]*.log |
| devmgmtd | The device management daemon establishes and maintains device trust group functionality. | Loss of device trust functionality | /shared/tmp/devmgmtd.out /var/log/ltm |
| diskevent | The diskevent daemon monitors additions/removals of disks and major disk errors on multi-disk systems. | No monitoring/logging of major disk errors on multi-disk systems | /var/log/daemon.log |
| dwbld | The dynamic white/black daemon (dwbld) is a Control Plane daemon that supports the AFM IP intelligence feature. | Enforcement of dwbl will not happen | /var/log/dwbl/dwbld.log |
| dynconfd | The dynconfd process manages a list of DNS servers (resolvers) as part of the FQDNv2 implementation of the BIG-IP LTM monitors. The implementation permits users to configure node and pool-member instances using a fully qualified domain name (FQDN), in which IP addresses are resolved through a lookup to a DNS server. | Communication with the DNS servers is lost, and FQDN monitoring fails. | /var/log/ltm |
| errdefsd | Logging daemon that moves logs out of TMM into a userland application and moves logs to logging publishers. | Required for using HSL over mgmt interface | /var/log/ltm |
| eventd | The event daemon provides asynchronous event notification, using iControl messaging. | iControl-based subscription messaging fails | /var/log/ltm |
| evrouted | The evrouted process handles all events on the local control plane and directs the messages to the appropriate subscribed process. | Processes that subscribe to the evrouted process will not receive any information | When the log.evrouted.level database key is configured with Debug, debug messages are logged to the /shared/tmp/evrouted.out file. |
| fpdd | The front panel display daemon draws screens on the LCD panel and manages LEDs on all platforms. | No front panel access or data | /var/log/ltm |
| gtmd | The gtmd process initiates iQuery connections to big3d, processes monitor and path probe requests, forwards response information to TMM, as needed. | Global traffic functionality will not be performed. | /var/log/gtm |
| guestagentd | guestagentd runs on a vCMP guest for the purpose of communicating information such as system version, provisioning, high availability status, and TMM-related information to the vCMP host. | vCMP guest information and statistics will not be communicated to the vCMP host. | /var/log/ltm |
| hostagentd | hostagentd runs on a vCMP host for the purpose of receiving information, such as system version, provisioning, high availability, and TMM-related information from the vCMP guest. | vCMP guest information and statistics will not be received from the vCMP guest. | /var/log/ltm |
| httpd | The http daemon performs HTTP web server functions. | The BIG-IP Configuration utility does not function | /var/log/httpd/httpd_errors |
| hwpd | A helper process that assists ePVA/DNS hardware acceleration functions (only present on A112/B2250 blades) | ePVA/DNS hardware Acceleration does not function. | /var/log/ltm /shared/tmp/hwpd.out |
| icrd_child | The iControl Rest Child daemon (icrd_child) is used for mapping tmsh commands to/from REST API requests. | No command access for iControl using REST. | /var/log/icrd |
| iprepd | The iprepd daemon is responsible for interaction with 3rd parties (Webroot/BrightCloud), to bring IP Intelligence functionality to the BIG-IP system. This daemon connects to the BrightCloud server, downloads the IP reputation database, and shares it with the Data plane of different modules, like LTM, ASM, AFM, etc. This database contains a list of IP addresses and their threat codes. | The IP reputation database will not be updated | /var/log/iprepd/iprepd.log |
| ipsd | The ipsd process compiles a signature blob, upgrades Image Packaging System (IPS) IM packages, and periodically runs learning scripts. | IPS signature matching, IPS learning, IPS upgrade does not work. | If the database variable tmm.protocol_inspection.log.level is set to Debug then IPS process writes to /var/log/ipsd.out |
| keymgmtd | The keymgmtd daemon provides CA-bundle management functionality. | The CA-bundle management function as expected. | /var/log/ltm |
| lacpd | The link aggregation control daemon creates link aggregation groups (trunks) based on user configuration. It implements IEEE 802.3ad – Link Aggregation Control Protocol (LACP). It also implements the high-availability feature Switchboard Failsafe. | No link aggregation functionality | /var/log/ltm |
| lind | The lind process manages software installation/volume creation tasks. | No software installation functionality | /var/log/ltm |
| lldpd | The lldpd process interacts with bcm56xxd to receive and send LLDP PDUs. lldpd collects BIG-IP local information from mcpd and sends out the LLDP PDU per EEE 802.1ab specification on LLDP TX-enabled ports. When lldpd receives LLDP PDU on an LLDP RX-enabled port, lldpd saves or modifies the neighbor information as statistics. lldpd checks to see if bcm56xxd is running, so this daemon only runs on hardware platforms, not virtual editions. | LLDP attributes will not be advertised | /var/log/ltm |
| logstatd | The logstatd process parses log data for utilities such as the BIG-IP Dashboard. | Loss of some logging data; the Dashboard utility does not function | /var/log/ltm |
| lopd | The lopd process is the lights-out processor (LOP) daemon for the following BIG-IP platforms: VIPRION 2400, 5xx0 (C109), 20×0 (C112), 40×0 (C113), 7xx0 (D110), 100×0/102×0 (D113). | The LOP subsystem does not function | /var/log/ltm |
| mcpd | The master control program daemon is the messenger service that allows two-way communication between userland processes and the Traffic Management Microkernel (TMM). | No traffic management functionality; the system status cannot be retrieved or updated, and the system cannot be re-configured; other daemons will not be functional | /var/log/ltm |
| merged | The merged process integrates statistical data at defined intervals. | Statistical data is not available for system utilities/graphs | /var/log/ltm |
| monpd | The monpd process is used in conjunction with the avrd process for reporting/charts. | No reporting charts are displayed | /var/log/avr/monpd.log |
| named | The named process is the DNS server daemon. | No BIND functionality | /var/log/messages /var/log/daemon.log |
| neurond | The neurond process handles the interaction between the BIG-IP system and the Neuron Network Search Processor chip for some platforms in BIG-IP 13.1.0 and later. | Packet processing still occurs; however, the enhanced flow acceleration provided by the Neuron chip cannot be used. | /var/log/ltm /var/log/neurond |
| ntlmconnpool | The ntlmconnpool daemon is the plug-in process for the NTLM profile. | NTLM connection pooling does not function as expected | /var/log/ltm |
| ntpd | The ntp daemon sets and maintains the system time. | System time is not updated. | /var/log/ltm /var/log/daemon.log |
| oauth | The oauth daemon allows APM to be configured to act as an OAuth 2.0 client and resource server, or to act as an OAuth 2.0 authorization server. | The OAuth feature does not function as expected. | /var/log/apm /var/log/daemon.log |
| overdog | The overdog process monitors the high availability table for failover action types of restart, restart-all or reboot. When the overdog process receives a signal that one of these failover action types is true, the configured failover action is triggered. This process cannot be managed using the Traffic Management Shell (tmsh). | Failover action types of restart, restart-all or reboot will not occur. | /var/log/ltm |
| ovsdb-server | The ovsdb-server daemon communicates with OVSDB-capable controllers to receive VXLAN tunnel endpoint configuration information. | BIG-IP cannot be managed via the OVSDB protocol | /var/log/openvswitch/ovsdb-server.log /var/tmp/vxland.out /var/log/vxland.log**13.1.0 and later |
| pfmand | The pfmand process handles link monitoring, link statistics, and media settings for some platforms such as the BIG-IP 2000 and 4000 series. | Link monitoring, link statistics, and media settings lose functionality | /var/log/daemon.log |
| pgadmind | Starts up PostgreSQL server process and monitors it. pgadmind is primarily used for AFM in-line rule editor but it is also used for system configuration. | If the Inline Rule Editor is enabled, and the PostgreSQL server process is not running due to the pgadmind daemon being stopped, firewall rules cannot be viewed or edited either using the Inline Rule Editor page or the default firewall rule editor UI. | /var/log/ltm |
| ping_access_agent | The ping_access_agent daemon allows APM to act as a Policy Enforcement Point (PEP) in place of PingAccess agents installed on web servers. | The Policy Enforcement Point (PEP) feature does not function on APM. | /var/log/apm |
| pkcs11d | The pkcs11d process acts as an interface between the BIG-IP daemons/utility that need to access the third-party network- connected HSMs (like Thales and Safenet). | SSL connections cannot be established on a virtual server that is associated with an SSL profile that references the affected certificate/key pair stored on the Thales HSM. | /var/log/ltm |
| racoon | The racoon daemon is an open source user-space daemon running on the Linux system. This daemon handles Internet Key Exchange (IKE) for IPsec. Note: To manage (such as start, stop or restart) the racoon service, you must perform the desired action on the tmipsecd service. Process dependencies will apply the desired action to the racoon service. For more information, refer to K33404337: The tmsh and bigstart utilities can no longer be used to individually manage the racoon process. |
IPsec tunnels will not function | /var/log/racoon.log |
| restjavad | The restjavad daemon provides control-plane access to the BIG-IP using an http REST api. | Unable to access the control plane. | /var/log/restjavad.[0-9]*.log |
| restnoded | The restnoded daemon provides control-plane access to the BIG-IP using an http REST api. | Limited REST access to the control plane | /var/log/restnoded.[0-9]*.log |
| rmonsnmpd | The RMON snmp daemon provides remote monitoring, alarm, and event functionality. | Partial loss of SNMP functionality | /var/log/daemon.log |
| scriptd | The scriptd process runs application template implementation scripts when an application service is created or updated. | Scripts are not started/stopped as expected | /var/log/ltm /var/tmp/scriptd.out |
| sflow_agent | The sflow_agent is an SNMP subagent that handles polling and SNMP accessibility. | The sflow data will not be available by way of SNMP | /var/log/sflow_agent.log |
| snmpd | The snmp daemon is the master SNMP agent. Without this daemon, no data is exposed by SNMP, including data from the SNMP subagents. The process also exposes common SNMP data. | No SNMP functionality | /var/log/daemon.log /var/log/ltm |
| sod | The switch over (failover) daemon causes the unit to become active or standby, and provides failover capability through a high-availability table. | No failover capability | /var/log/ltm |
| sshd | The ssh daemon provides remote access to the BIG-IP system command line interface. | No SSH command line access | /var/log/daemon.log |
| statsd | The stats daemon collects statistics from the system and records them in the rrd files. | No rrd data recorded for system graphs | /var/log/ltm |
| stpd | The stp daemon implements the IEEE Spanning Tree Protocol (STP) to prevent bridge loops. The protocols include the original STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). | No bridge loop detection | /var/log/ltm /var/log/daemon.log |
| syscalld | The syscall daemon manages system call functions. | Loss of system call functions | /var/log/ltm |
| syslog-ng | The syslog-ng process performs system logging based on the syslog-ng utility. | Unable to generate system logs | /var/log/messages /var/log/daemon.log |
| tamd | The traffic authorization daemon authorizes traffic. | No remote authentication/authorization functionality | /var/log/ltm /var/log/secure |
| tmipsecd | The tmipsecd process subscribes to notifications from IPsec-related configuration objects. | No IPsec-related notifications | /var/log/tmipsecd |
| tmm | The traffic management microkernel is the process running on the BIG-IP host O/S that performs all of the local / global traffic management for the system. | Loss of all traffic management functionality for the system | /var/log/tmm /var/log/ltm |
| tmrouted | The routing table management daemon updates the TMM routing table based on the kernel routing table. | TMM cannot learn or advertise routes | /var/log/ltm |
| tomcat | The tomcat daemon provides web server functions for the BIG-IP web utility. Tomcat is an open-source implementation of Java Servlet and JavaServer Pages technologies developed under the Jakarta project at the Apache Software Foundation. | The BIG-IP Configuration utility does not function | /var/log/tomcat/catalina.out |
| vcmpd | The vcmpd process performs most of the work to create and manage guests, as well as configure the virtual network. | The BIG-IP system will not be able to manage or run vCMP guests. | /var/log/ltm /var/log/vcmp |
| vxland | The vxland daemon manages multicast sockets and routing for IGMP protocol activity; it also manages OVSDB-controlled VXLAN configurations. | VXLAN traffic is impaired | /var/tmp/vxland.out /var/log/vxland.log**13.1.0 and later |
| websso | The websso daemon is a TMM plug-in that performs single-sign-on (SSO) functionality for Web access through the BIG-IP APM system. | SSO does not function for BIG-IP APM. | /var/log/daemon.log |
| zrd | The zrd process is the ZoneRunner daemon. This daemon is active only on systems running the BIG-IP GTM module. | ZoneRunner does not function | /var/log/gtm |
| zxfrd | The zxfrd process manages zone transfers and writes to the zone database files. | The DNS Express feature does not function as expected | /var/log/ltm |
Recommendations
You can stop, start, restart, or view the status of a daemon, using the TMOS Shell (tmsh), bigstart command, or the Configuration utility.
Using tmsh
To stop, start, restart, or view the status of a daemon using tmsh, use the following command syntax:
tmsh stop /sys service
tmsh start /sys service
tmsh restart /sys service
tmsh show /sys service
For example, to restart the named daemon, you would type the following command:
tmsh restart /sys service named
Using the bigstart command
To stop, start, restart, or view the status of a daemon using the bigstart command, use the following command syntax:
bigstart stop
bigstart start
bigstart restart
bigstart status
For example, to display the status of the named daemon, you would type the following command:
bigstart status named
Using the Configuration utility
You can use the Configuration utility to stop, start, restart, or view the status of some system services. To do so, perform the following procedure:
- Log in to the Configuration utility.
- Navigate to System > Services.
- In the Service column, locate the name of the service you want to start, stop, or restart.
- Select the check box next to the desired service name.
- Click the desired Start, Stop, or Restart button.
- To confirm the action, click OK.
