Cisco Cisco Firepower Management Center 4000
54-7
FireSIGHT System User Guide
Chapter 54 Monitoring the System
Understanding Running Processes
Daemons continually run on an appliance. They ensure that services are available and spawn processes
when required. The following table lists daemons that you may see on the Process Status page and
provides a brief description of their functionality.
when required. The following table lists daemons that you may see on the Process Status page and
provides a brief description of their functionality.
Note
The table below is not an exhaustive list of all processes that may run on an appliance.
Table 54-5
System Daemons
Daemon
Description
crond
Manages the execution of scheduled commands (cron jobs)
dhclient
Manages dynamic host IP addressing
fpcollect
Manages the collection of client and server fingerprints
httpd
Manages the HTTP (Apache web server) process
httpsd
Manages the HTTPS (Apache web server with SSL) service, and checks for working SSL and
valid certificate authentication; runs in the background to provide secure web access to the
appliance
valid certificate authentication; runs in the background to provide secure web access to the
appliance
keventd
Manages Linux kernel event notification messages
klogd
Manages the interception and logging of Linux kernel messages
kswapd
Manages Linux kernel swap memory
kupdated
Manages the Linux kernel update process, which performs disk synchronization
mysqld
Manages FireSIGHT System database processes
ntpd
Manages the Network Time Protocol (NTP) process
pm
Manages all Cisco processes, starts required processes, restarts any process that fails
unexpectedly
unexpectedly
reportd
Manages reports
safe_mysqld
Manages safe mode operation of the database; restarts the database daemon if an error occurs
and logs runtime information to a file
and logs runtime information to a file
SFDataCorrelator
Manages data transmission
sfestreamer
(Defense Center only)
Manages connections to third-party client applications that use the Event Streamer
sfmgr
Provides the RPC service for remotely managing and configuring an appliance using an sftunnel
connection to the appliance
connection to the appliance
SFRemediateD
(Defense Center only —
requires FireSIGHT)
requires FireSIGHT)
Manages remediation responses
sftimeserviced
(Defense Center only)
Forwards time synchronization messages to managed devices
sfmbservice
(requires Protection)
Provides access to the sfmb message broker process running on a remote appliance, using an
sftunnel connection to the appliance. Currently used only by health monitoring to send health
events and alerts from a managed device to a Defense Center or, in a high availability
environment, between Defense Centers
sftunnel connection to the appliance. Currently used only by health monitoring to send health
events and alerts from a managed device to a Defense Center or, in a high availability
environment, between Defense Centers
sftroughd
Listens for connections on incoming sockets and then invokes the correct executable (typically
the Cisco message broker, sfmb) to handle the request
the Cisco message broker, sfmb) to handle the request