Where does the Altiris Agent store its logs on Windows Vista and later systems?
For the 6.0 Altiris Agent line, the log location is set in the Registry at "HKLM\SOFTWARE\Altiris\eXpress\Event Logging\LogFile", under the "FilePath" entry. By default, this is under the installation folder:
C:\Program Files\Altiris\Altiris Agent\Logs
However, Windows Vista and later operating systems enforce enhanced security: processes that run with User credentials do not have elevated rights to modify files in the Program Files location, so this path cannot be used. Instead, Windows mirrors that location to a virtual store, which our Log viewer still shows as being in C:\Program Files. The virtual store path is specific to the User account the process runs as, meaning entries created during a Software Delivery or Inventory job that runs as a User account are stored under that User profile, as follows:
%UserProfile%\AppData\Local\VirtualStore\Program Files\Altiris\Altiris Agent
Because of this security model, in Symantec Management Platform 7.0 the default Agent log path is already under the Users folder. It is set in the Registry at "HKLM\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile", under the "FilePath" entry, and all logs can be written to this location:
C:\Users\Public\Public Documents\Altiris\Altiris Agent\Logs\
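
When collecting Agent logs for troubleshooting or incident response, the per-user VirtualStore copies are easy to miss. The following PowerShell sketch is an added example, not Symantec's own tooling: it reads the "FilePath" entry from both registry keys named above (with the vendor name spelled "Altiris" in both) and then checks every local profile for the VirtualStore folder. Enumerating profiles through the ProfileList registry key and the output column names are choices made for this example.

```powershell
# Added example: locate Altiris Agent logs, including per-user VirtualStore copies.
# Registry keys and folder paths are the ones named in the article.
$regKeys = @(
    'HKLM:\SOFTWARE\Altiris\eXpress\Event Logging\LogFile',        # 6.0 Agent line
    'HKLM:\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile'   # SMP 7.0
)

# 1. Configured log folder(s) from the "FilePath" registry entry.
$configured = foreach ($key in $regKeys) {
    $p = (Get-ItemProperty -Path $key -Name FilePath -ErrorAction SilentlyContinue).FilePath
    if ($p) { [pscustomobject]@{ Source = $key; Owner = 'configured'; Folder = $p } }
}

# 2. Per-user VirtualStore mirror of the Program Files install folder.
#    Profiles are enumerated from ProfileList (an assumption of this example)
#    so that profiles stored outside C:\Users are also covered.
$relative    = 'AppData\Local\VirtualStore\Program Files\Altiris\Altiris Agent'
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$virtualized = foreach ($sidKey in Get-ChildItem -Path $profileList) {
    $profilePath = (Get-ItemProperty -Path $sidKey.PSPath -Name ProfileImagePath `
                        -ErrorAction SilentlyContinue).ProfileImagePath
    if (-not $profilePath) { continue }
    $candidate = Join-Path $profilePath $relative
    if (Test-Path -LiteralPath $candidate) {
        # Owner is the profile SID, which ties log entries to the account that wrote them.
        [pscustomobject]@{ Source = 'VirtualStore'; Owner = $sidKey.PSChildName; Folder = $candidate }
    }
}

# 3. List the files found in every location, newest activity visible via LastWriteTime.
foreach ($loc in @($configured) + @($virtualized)) {
    if (-not $loc) { continue }
    Get-ChildItem -LiteralPath $loc.Folder -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Source'; e = { $loc.Source } },
                      @{ n = 'Owner';  e = { $loc.Owner } },
                      FullName, Length, LastWriteTime
}
```

Run it from an elevated prompt; without administrative rights the other users' profile folders cannot be read and their VirtualStore copies will be silently skipped.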