Skip to main content

SAST Local Services Status Monitor

This monitor provides an easy and efficient way for customers to monitor SAST services running on each machine in their enterprise. In addition, it enables cloud ops to monitor SAST services automatically.

Support for Windows

The Services Availability service, installed as part of SAST services on clean or upgraded installations, appears as CxServicesAvailability in Windows services. The service is constantly running on the machine and monitoring SAST services to detect issues and check if they are up and running.

It displays the monitored data as a JSON object inside http://localhost:8078/ and redirects it to http://localhost:8078/ServiceAvailability.

The following items were added to the Services Availability page:

  • License Expiration - The status is "Valid" if the expiration date taken from the license is still valid. If it is outdated, it is "Expired". If it was not found, it is "not_found".

  • License HID Validation - The status is "Valid" if the HID taken from the license is the same as the current HID. If it is different, it is "Invalid". If it was not found, it is "not_found"

Both items appear under a new category called "others," as shown below:

     "others": [
         {
             "name": "LicenseExpiration",
             "status": "Valid"
         },
         {
             "name": "LicenseHIDValidation",
             "status": "Valid"
         }
      ]
}

Configuration File Keys

The configuration file is as follows: C:\Program Files\Checkmarx\Checkmarx Services Availability\ServiceAvailability.conf

The default configuration is:

{
    "general": {
        "port": "8078", 
        "resultCacheTimeoutInSeconds": 30,  // result cache timeout, separate for each client ip
        "allowRemoteAccess": true,  // if false - access is only allowed from localhost
        "allowRemoteAccessErrorMessages": false   // if false - don't show detailed error messages from other machine which is not localhost
    }
}

Services Monitoring Parameters

Table 1. Services Monitoring

Service Name

LocalServices/ Connections

Service Name in JSON

Type

Environment Variables

CxComponentConfiguration Table

Monitored

Monitored by

AccessControl

connection

AccessControl_Env_Var

Web page

CX_ES_ACCESS_CONTROL_URL

Access Control

Get request to the extracted address

local service

AccessControl_Rest_Call

Web page

Access Control

Get request to Access Control page http://localhost/CxR

connection

AccessControl_SAST

Web page

IdentityAuthority

Access Control

Get request to the extracted address

ActiveMQ

connection

ActiveMQ_Env_Var

Queue

ActiveMessageQueueURL

ActiveMQ

Open TCP connection to extracted value

connection

ActiveMQ_SAST

Queue

ActiveMessageQueueURL

ActiveMQ

Open TCP connection to extracted value

Database

connection

Database

DB

CxDB

Open DB connection to CxDB

WebServer (portal)

connection

WebServer_Portal

Web page

CxWebClient

Get request to Checkmarx portal http://localhost/cxwebclient/ProjectState.aspx

WebService

local service

WebService

SOAP

CxWebService

Get request to IsAlive in SAST REST API

WebAPI

local service

WebAPI

REST

CxRestApi

Post request to IsAlive in SAST SOAP API

ScansManager

local service

ScansManager

OS Service

CxScansManager

Ping the OS services check if result "running"

JobsManager

local service

JobsManager

OS Service

CxJobsManager

Ping the OS services check if result "running"

SystemManager

local service

SystemManager

OS Service

CxSystemManager

Ping the OS services check if result "running"

ResultsService

local service

ResultsService

OS Service

CxSastResults

Ping the OS services check if result "running"

EngineService

local service

EngineService

OS Service

CxEngineService

Ping the OS services check if result "running"

IISService

local service

IISService

OS Service

IIS Admin Service

Ping the OS services check if result "running"



ActiveMQ

  • ActiveMQ_Env_Var - The program will extract the ActiveMessageQueueURL from environment variables and will open a connection to ActiveMQ.

  • ActiveMQ_SAST - The program will extract the ActiveMessageQueueURL from the CxComponentConfiguration and will open a connection to ActiveMQ.

Web Pages

  • WebServer_Portal - A get request will be made to localhost/cxwebclient/ProjectState.aspx.

  • AccessControl_Rest_Call - A get request will be made to localhost/CxRestAPI/auth/#/.

  • AccessControl_Env_Var - The program will extract the CX_ES_ACCESS_CONTROL_URL from environment variables and send a get request to the extracted address.

  • AccessControl_SAST - The program will extract the IdentityAuthority from the CxComponentConfiguration and send a get request to the extracted address.

Support for Linux

The following SAST components are monitored in Linux:

  • Engine Service

  • ActiveMQ

  • Access Control

Notice

Service Availability does not run in SSL.

Display

The JSON object will have a local-services and a connection object as described in the table above.

The following fields are displayed for each service:

  • name - the name of the service

  • status - online/offline/not_found/not_installed

  • error_message - only if the status has a “not_found” value, then the error_message field will be displayed.

The JSON object will display the name and status fields for each service.

The following is an example of the JSON object:

image-20220124-095757.png