For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Itential provides log shipping to deliver your application logs directly to your Amazon S3 bucket. This service automatically replicates logs from Itential’s secure infrastructure to your designated storage location, giving you direct access to your logs for analysis, monitoring, and compliance.
How it works
Log shipping uses AWS S3 cross-account replication to securely transfer logs from Itential’s source bucket to your destination bucket. This provides:
Security — Logs are encrypted in transit and at rest.
Reliability — Automatic replication with AWS’s built-in durability.
Performance — Direct S3-to-S3 transfer without intermediate processing.
Cost efficiency — No additional compute resources required.
Available log types
Web server logs
HTTP access logs from your Itential application
Request/response data and performance metrics
Available for all environments (dev, staging, production)
Prerequisites
To set up log shipping, you need:
An AWS account and destination S3 bucket
An AWS Key Management Service (KMS) customer-managed key (if you use encryption)
Permissions to configure IAM policies and KMS permissions
Permissions to configure S3 bucket policies to allow Itential to send logs to your bucket
You don’t need to create or configure any IAM roles. Setup only requires updating resource policies on your S3 bucket and KMS key to trust Itential’s replication role.
Initial setup requires coordination with the Itential team. Contact your Customer Success Manager (CSM) to begin. If you don’t know who to contact, email customersuccess@itential.com or open an Itential Support Desk ticket.
This policy grants Itential’s replication service permission to write logs to your bucket and manage versioning settings. Apply the following policy to your destination S3 bucket, replacing placeholder values with those provided by Itential:
Configure the KMS key policy (if using encryption)
If your destination bucket uses KMS encryption, add the following statement to your KMS key policy. Replace the placeholder values with those provided by Itential:
1
{
2
"Sid": "Allow use of the key for Itential replication",
New logs are typically replicated within minutes of generation.
Data retention
Itential storage — Logs are retained in Itential’s infrastructure according to your service agreement and contractual data retention policies.
Your storage — You control retention policies for logs delivered to your bucket. Configure S3 lifecycle policies based on your requirements.
Security
All log data is encrypted in transit using AWS’s secure replication mechanisms.
Access to your destination bucket remains under your complete control.
Itential’s replication role has write-only access to your designated bucket.
No Itential personnel have access to your destination bucket or its contents.
Troubleshoot
Replication isn’t working
Verify that bucket versioning is enabled, check that policy syntax and account IDs are correct, and confirm the KMS key policy includes Itential’s replication role.
Access denied errors
Verify your AWS account ID matches the configuration provided to Itential, and that the bucket policy principal matches Itential’s role ARN exactly.
Missing logs
Log shipping can take up to 24 hours after initial setup to begin delivering logs. Verify your bucket region matches the configuration you provided to Itential.
Get support
Technical issues or general questions — Submit a ticket through the Itential Service Desk.
AWS-specific questions — Consult AWS documentation or your internal AWS support team.
