This page applies to BIG-IP® APM® 11.x. For information about other versions, refer to the following pages:
- F5® BIG-IP Daemons (13.x)
- F5 BIG-IP Daemons (12.x)
- F5 BIG-IP Daemons (11.x)
- F5 BIG-IP Daemons (9.x – 10.x)
For information about daemons from other modules, refer to the following pages.
When the BIG-IP system is licensed with BIG-IP APM, a separate set of processes is initiated in addition to the standard set of BIG-IP processes. The following table lists the core BIG-IP APM services, and indicates the impact to the BIG-IP APM system operation if the service is not running:
F5 BIG-IP APM daemons (11.x) | |||
---|---|---|---|
Daemon | Description | Impact if not running | Relevant log files |
acctd | The RADIUS accounting daemon used by BIG-IP APM to send RADIUS accounting start and stop messages to external RADIUS servers. | RADIUS accounting messages are not sent to external RADIUS servers. | /var/log/apm |
aced | The aced process provides RSA SecurID authentication functionality for BIG-IP APM’s access policy engine. | RSA SecurID authentication fails. | /var/log/apm |
apd | The apd process runs a BIG-IP APM access policy for a user session. | No access policy enforcement. | /var/log/apm |
apmd | The apmd process provides an MPI interface for BIG-IP APM access policy execution. | No access policy enforcement for MPI reliant processes such as rewrite and websso. | /var/log/apm |
antserver | The antserver process allows Secure Web Gateway (SWG) to dynamically filter web content. | No dynamic web content filtering. | /var/log/apm |
dnscached | The dnscached process provides DNS cache functionality to BIG-IP APM subsystems. | BIG-IP APM DNS performance is impaired. | /var/log/apm |
eam | The eam process provides external access management for 3rd party identity integration such as Oracle Access Manager (OAM) SSO. | OAM SSO authentication fails. | /var/log/apm |
eca | The eca process provides the client-side NTLM authentication mechanism. | BIG-IP APM is unable to authenticate using NTLM. | /var/log/apm |
logd | The logd process provides database-backed local logging for the BIG-IP APM system. | BIG-IP APM local logging functionality is impaired. | /var/tmp/logd.out |
nlad | The nlad process establishes communication channels to the Domain Controller (DC) for NTLM authentication. | No NTLM communication to back-end DC. | /var/log/apm |
omapd | The omapd process provides the IF-MAP server implementation for SWG and AFM™ user identification. | No user identification for SWG. | /var/log/omapd |
rba | The rba process provides support for client-side Kerberos authentication. | No Kerberos authentication. | /var/log/apm |
rewrite | The rewrite process rewrites links in web content for Portal Access. | Portal Access web links are not rewritten. | /var/log/rewrite |
samlidpd | The samlidpd process interacts with the mcpd process to automate SAML IdP connector creation. | SAML IdP connector creation fails. | /var/log/saml_automation.log |
urldb | The urldb process categorizes incoming URLs for SWG. | No SWG URL categorization. | /var/log/apm, /var/log/urldb-trace.log |
urldbmgrd | The urldbmgrd process downloads and indexes the URL categorization database for use by the urldb process. | URL categorization for SWG is impaired. | /var/log/apm, /var/log/urldbmgr-trace.log |
vdi | The vdi process handles communication for XML-based clients and backend systems, such as Citrix and VMware View. | Citrix integration and RDP access fails. | /var/log/apm |
websso | The websso process provides Single Sign-On (SSO) functionality for the BIG-IP APM system. | SSO fails. | /var/log/apm |
Starting and stopping BIG-IP APM processes
You can use the command line to manage BIG-IP APM processes. To stop, start, or restart any BIG-IP APM processes, use the following syntax with the bigstart command:
bigstart
In this command syntax, note the following:
- refers to the action for bigstart, such as stop, start, or restart
- is the name of the BIG-IP APM process
- Note: For information about using the bigstart utility, refer to the bigstart man page or K4080: Adding and removing services included in the ‘bigstart’ process.
Related Content
AI Recommended Content
- Security Advisory – K000151008: Quarterly Security Notification (May 2025)
- Security Advisory – K000148591: Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644
- Security Advisory – K000139571: BIG-IP HTTP vulnerability CVE-2025-36557
- Security Advisory – K000150668: TMM vulnerability CVE-2025-41431
F5 support engineers who work directly with customers write Support Solution and Knowledge articles, which give you immediate access to mitigation, workaround, or troubleshooting suggestions.