SAST Local Services Status Monitor
This monitor provides an easy and efficient way for customers to monitor SAST services running on each machine in their enterprise. In addition, it enables cloud ops to monitor SAST services automatically.
Support for Windows
The Services Availability service, installed as part of SAST services on clean or upgraded installations, appears as CxServicesAvailability in Windows services. The service is constantly running on the machine and monitoring SAST services to detect issues and check if they are up and running.
It displays the monitored data as a JSON object inside http://localhost:8078/ and redirects it to http://localhost:8078/ServiceAvailability.
The following items were added to the Services Availability page:
License Expiration - The status is "Valid" if the expiration date taken from the license is still valid. If it is outdated, it is "Expired". If it was not found, it is "not_found".
License HID Validation - The status is "Valid" if the HID taken from the license is the same as the current HID. If it is different, it is "Invalid". If it was not found, it is "not_found"
Both items appear under a new category called "others," as shown below:
"others": [ { "name": "LicenseExpiration", "status": "Valid" }, { "name": "LicenseHIDValidation", "status": "Valid" } ] }
Configuration File Keys
The configuration file is as follows: C:\Program Files\Checkmarx\Checkmarx Services Availability\ServiceAvailability.conf
The default configuration is:
{ "general": { "port": "8078", "resultCacheTimeoutInSeconds": 30, // result cache timeout, separate for each client ip "allowRemoteAccess": true, // if false - access is only allowed from localhost "allowRemoteAccessErrorMessages": false // if false - don't show detailed error messages from other machine which is not localhost } }
Services Monitoring Parameters
Service Name | LocalServices/ Connections | Service Name in JSON | Type | Environment Variables | CxComponentConfiguration Table | Monitored | Monitored by |
---|---|---|---|---|---|---|---|
AccessControl | connection | AccessControl_Env_Var | Web page | CX_ES_ACCESS_CONTROL_URL | Access Control | Get request to the extracted address | |
local service | AccessControl_Rest_Call | Web page | Access Control | Get request to Access Control page http://localhost/CxR | |||
connection | AccessControl_SAST | Web page | IdentityAuthority | Access Control | Get request to the extracted address | ||
ActiveMQ | connection | ActiveMQ_Env_Var | Queue | ActiveMessageQueueURL | ActiveMQ | Open TCP connection to extracted value | |
connection | ActiveMQ_SAST | Queue | ActiveMessageQueueURL | ActiveMQ | Open TCP connection to extracted value | ||
Database | connection | Database | DB | CxDB | Open DB connection to CxDB | ||
WebServer (portal) | connection | WebServer_Portal | Web page | CxWebClient | Get request to Checkmarx portal http://localhost/cxwebclient/ProjectState.aspx | ||
WebService | local service | WebService | SOAP | CxWebService | Get request to IsAlive in SAST REST API | ||
WebAPI | local service | WebAPI | REST | CxRestApi | Post request to IsAlive in SAST SOAP API | ||
ScansManager | local service | ScansManager | OS Service | CxScansManager | Ping the OS services check if result "running" | ||
JobsManager | local service | JobsManager | OS Service | CxJobsManager | Ping the OS services check if result "running" | ||
SystemManager | local service | SystemManager | OS Service | CxSystemManager | Ping the OS services check if result "running" | ||
ResultsService | local service | ResultsService | OS Service | CxSastResults | Ping the OS services check if result "running" | ||
EngineService | local service | EngineService | OS Service | CxEngineService | Ping the OS services check if result "running" | ||
IISService | local service | IISService | OS Service | IIS Admin Service | Ping the OS services check if result "running" |
ActiveMQ
ActiveMQ_Env_Var - The program will extract the ActiveMessageQueueURL from environment variables and will open a connection to ActiveMQ.
ActiveMQ_SAST - The program will extract the ActiveMessageQueueURL from the CxComponentConfiguration and will open a connection to ActiveMQ.
Web Pages
WebServer_Portal - A get request will be made to localhost/cxwebclient/ProjectState.aspx.
AccessControl_Rest_Call - A get request will be made to localhost/CxRestAPI/auth/#/.
AccessControl_Env_Var - The program will extract the CX_ES_ACCESS_CONTROL_URL from environment variables and send a get request to the extracted address.
AccessControl_SAST - The program will extract the IdentityAuthority from the CxComponentConfiguration and send a get request to the extracted address.
Support for Linux
The following SAST components are monitored in Linux:
Engine Service
ActiveMQ
Access Control
Notice
Service Availability does not run in SSL.
Display
The JSON object will have a local-services and a connection object as described in the table above.
The following fields are displayed for each service:
name - the name of the service
status - online/offline/not_found/not_installed
error_message - only if the status has a “not_found” value, then the error_message field will be displayed.
The JSON object will display the name and status fields for each service.
The following is an example of the JSON object: