Log Streaming is available to customers enrolled in Premier Support using a supported Appian version as per the Product Support Policy. Appian customers must purchase Premier Support to use the functionality described below. The functionality described below is not included in the base Appian platform.
Appian Cloud instances can be configured to stream supported logs, in real time, to a syslog receiver owned by customers. Once logs are stored in a central repository, customers can index, access, search, and correlate events using their existing Log Management and Security Information and Event Management (SIEM) tools.
This service operates on a push-based model, in which Appian Cloud instances are configured to send a stream of logs to the customer’s syslog receiver. Logs are forwarded in real-time as the messages are written in the Appian Cloud instance(s).
These logs can be further digested and aggregated by tools of your choice, such as Splunk, LogRhythm, and the Elasticsearch-Logstash-Kibana (ELK) stack.
Customers with this service enabled on their Appian Cloud instances can integrate the information contained in the logs for a consolidated view of their enterprise operations. Some benefits of this service include:
Log Streaming supports the transmission of messages to either an on-premise syslog receiver or a Sumo Logic Cloud Syslog Source.
The figure below shows an example of the message flow between your Appian Cloud instances and an on-premise syslog receiver in the customer network.
For on-premise syslog receivers, log transmission is performed over an IPsec VPN tunnel established to the customer network. As an additional security layer, syslog messages can be encrypted using a TLS certificate installed in the syslog receiver provided by the customer. TLS encryption is enabled by default but can be disabled upon customer request.
The figure below shows an example of the message flow between your Appian Cloud instance and a Sumo Logic Cloud Syslog Source.
For Sumo Logic Cloud Syslog Source, log transmission is performed over the Internet, and traffic is encrypted with TLS using the trusted public CA provided by the customer’s Sumo Logic deployment.
The table below contains the logs to be forwarded by each Appian Cloud instance with this feature enabled. For details about the contents and frequency of the log messages, refer to the Appian Logging documentation.
|Authorization Audit 1||
|Forgot Password Requests 1||
|Password Resets 1||
|Records Usage 1||
|Blocked Files 1||
Syslog messages have the following format:
<PRI> <TIMESTAMP> <HOSTNAME> <TAG> <MESSAGE>
PRI: Specifies the priority of the syslog message (RFC 5424).
TIMESTAMP: Date and time of the message. The value will be expressed in the timezone configured in the customer syslog receiver.
HOSTNAME: Appian Cloud instance name.
TAG: Message tag depending on the log file.
MESSAGE: Complete log message generated by the Appian component. Messages also contain timestamps expressed in Greenwich Mean Time (GMT).
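A receiver-side parser for the format described above, as an added example that is not Appian's code. The angle-bracketed PRI, the ISO 8601 header timestamp with offset, and the timestamp at the start of MESSAGE are assumptions about the wire layout, and the sample line is constructed. It decodes PRI into facility and severity and converts the receiver-local header time to UTC so it can be compared with the GMT timestamp inside the message.

```python
import re
from datetime import datetime, timezone

# Assumed wire layout (the page gives only the field order): PRI in angle
# brackets as in RFC 5424, an ISO 8601 timestamp with UTC offset, then
# space-separated HOSTNAME and TAG, then the rest of the line as MESSAGE.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<tag>\S+)\s+(?P<msg>.*)$"
)
# Assumed shape of the GMT timestamp embedded at the start of MESSAGE.
EMBEDDED_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_line(line):
    """Split one streamed line into fields; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    try:
        header_ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    if header_ts.tzinfo is None:
        return None  # without an offset the receiver-local time is ambiguous
    event = {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "hostname": m["host"],
        "tag": m["tag"],
        "message": m["msg"],
        "header_utc": header_ts.astimezone(timezone.utc),
        "message_utc": None,
    }
    emb = EMBEDDED_TS_RE.match(m["msg"])
    if emb:
        event["message_utc"] = datetime.strptime(
            emb.group(1), "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
    return event


# Constructed sample line (hostname, tag and message text are made up).
SAMPLE = "<134>2024-03-05T09:22:32-05:00 example-site login-audit 2024-03-05 14:22:31 constructed message body"
```

Indexing on `header_utc` rather than the raw header timestamp keeps events from receivers in different timezones on one timeline, and a large gap between `header_utc` and `message_utc` points to a timezone misconfiguration or delayed delivery.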
|Premier Support Order Form||This offering is available via Premier Support.||Business relationship owner|
|Update to a current Appian version||Appian Cloud site(s) with this feature enabled should be running a supported Appian version per the Support Policy for Prior Versions.||Authorized Support Contact|
|Set up IPsec VPN Tunnel (Only required for on-premise syslog receivers)||Customers are required to establish a VPN tunnel to their Appian Cloud instance. Refer to the Cloud VPN Integration documentation for detailed steps.||Network Administrator / Authorized support contact|
|Set up syslog receiver|| Set up a syslog receiver either in Sumo Logic or on-premise. Note the following considerations:
Once all prerequisites have been completed, customers can follow these steps to enable log streaming in their Appian Cloud instance(s):