Viewing Structured Logs Using Kibana

Structured Checkmarx SAST log data can be uploaded to Kibana. Using Kibana you can analyze and display the log data and create customized dashboards.

Prerequisites

  1. In the SAST database, enable the SPLIT_MESSAGE_WITH_MULTIPLE_LINES_TO_MULTIPLE_MESSAGES option in the EngineConfiguration table, by using the following command:

    UPDATE [CxDB].[Config].[CxEngineConfigurationKeysMeta] SET [DefaultValue] = 'true' WHERE [KeyName] = 'SPLIT_MESSAGE_WITH_MULTIPLE_LINES_TO_MULTIPLE_MESSAGES'
  2. Configure the Checkmarx logs so they are displayed in a structured format, by ensuring that the appsettings.json file looks similar to the following:

    SAST_logs_structured_for_Kibana.png

    Then the log output will be displayed in a structured format, similar to the following:

    SAST_logs_output_structured_for_Kibana.png
  3. Ensure that Elasticsearch and Kibana are installed and configured.

    For more information, refer to the Elasticsearch and Kibana installation instructions.

Uploading log files to Kibana

  1. Upload the Checkmarx log file, such as EngineScanLog, to Kibana.

  2. Save the log file as a data source.

  3. Open the index in the Discover view.

  4. Select your saved source. The log information is displayed similar to the following screenshot:

    Elastic_Discover.png

Querying information using the Kibana Query Language (KQL)

  1. In the Discover view, select your source.

  2. In the filter field, enter a custom KQL syntax query. For example, to display sample engine query total results, enter the following syntax:

    field15: "\"Queries\"" and field17: *Total\:*

    The results of the query are shown below:

    Elastic_Workspace.png
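
The following added example (not Checkmarx or Elastic code) evaluates the query above with a small Python matcher for a subset of KQL, to show why the escapes matter: `\"` makes the double quotes part of the value that must match, and `\:` keeps the colon from being read as the field separator. It assumes both fields hold exact (keyword) string values; the records are constructed, not real SAST log output, and `compile_kql`, `matches` and `hits` are names introduced here.

```python
import re

# Subset of KQL: `field: value` clauses joined by `and`. A value is either a
# double-quoted phrase or an unquoted term in which a bare * is a wildcard.
CLAUSE = re.compile(r'(\w+)\s*:\s*("(?:\\.|[^"\\])*"|(?:\\.|[^\s\\])+)')
AND = re.compile(r'\s+and\s+', re.IGNORECASE)

def _predicate(value):
    if value.startswith('"'):
        # Quoted phrase: \" is a literal quote that must be present in the data.
        phrase = re.sub(r'\\(.)', r'\1', value[1:-1])
        return lambda v: v == phrase
    # Unquoted term: \: is a literal colon, * matches any run of characters.
    parts = ['.*' if tok == '*' else re.escape(tok[-1])
             for tok in re.findall(r'\\.|.', value)]
    rx = re.compile(''.join(parts), re.DOTALL)
    return lambda v: rx.fullmatch(v) is not None

def compile_kql(query):
    query, pos, preds = query.strip(), 0, []
    while True:
        m = CLAUSE.match(query, pos)
        if not m:
            raise ValueError(f'unsupported KQL near offset {pos}')
        preds.append((m.group(1), _predicate(m.group(2))))
        sep = AND.match(query, m.end())
        if not sep:
            pos = m.end()
            break
        pos = sep.end()
    if pos != len(query):
        raise ValueError(f'unsupported KQL near offset {pos}')
    return preds

def matches(record, preds):
    return all(f in record and p(str(record[f])) for f, p in preds)

# The query from the page, plus constructed records (not real SAST log output).
QUERY = r'field15: "\"Queries\"" and field17: *Total\:*'
ROWS = [
    {'field15': '"Queries"', 'field17': 'Total: 120'},     # hit
    {'field15': 'Queries', 'field17': 'Total: 5'},         # no quotes in value
    {'field15': '"Queries"', 'field17': 'Elapsed 00:01'},  # no "Total:"
    {'field15': '"Engine"', 'field17': 'Total: 9'},        # other component
    {'field15': '"Queries"'},                              # field17 missing
]

def hits(query=QUERY, rows=ROWS):
    return [i for i, r in enumerate(rows) if matches(r, compile_kql(query))]
```

Calling `hits()` returns the indexes of the constructed records that the query selects; only the first record satisfies both clauses.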

Creating dashboards

  1. In the Dashboard view, create graphic visualizations of the log data that you want to display. For example, you can create a donut chart to view log level distribution.

    Elastic_with_Donut.png
  2. You can add several graphic visualizations to your dashboard.

  3. Save your dashboard.

Managing objects

You can manage and share your saved objects using the following panel:

Elastic_with_Saved_Objects.png