Configuring Advanced Logging for Notification Server and Symantec Management Agent
search cancel

Configuring Advanced Logging for Notification Server and Symantec Management Agent

book

Article ID: 179702

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

When troubleshooting complex issues in the IT Management Suite (ITMS), default logging levels often lack the granularity needed to identify the root cause. Standard logs may capture high-level events but omit the granular handshakes and data transfers between components.

To provide Symantec Support with a comprehensive data set, engineers must frequently enable Verbose or Trace logging. This article provides the necessary steps to:

  • Configure Advanced Logging: Adjust severity levels on both the Notification Server (SMP) and Windows-based Symantec Management Agents (SMA).

  • Enable Debug Mode: Configure non-Windows (ULM) agents for deep-dive diagnostics.

  • Manage Retention: Increase log file volume and history to ensure critical data isn't overwritten during long-running processes.

Environment

ITMS 8.6.x, 8.7.x, 8.8.x

Cause

Standard logging typically captures Errors, Warnings, and basic Information. To diagnose advanced issues, the logging configuration must be adjusted to increase the Severity level, the MaxFiles (retention), and the MaxSize (volume). This can be accomplished via the SMP Console, the Altiris Log Viewer, or direct Registry modifications.

Resolution

Section 1: Windows Agent and Server Logging (Registry Method)

Logging configurations for the Notification Server (SMP) and the Symantec Management Agent (SMA) are managed via separate registry paths.

Note: These registry keys may not exist by default. If they are missing, manually create the "Event Logging" and "LogFile" keys as needed.

Registry Paths

  • Notification Server (SMP): HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Event Logging\LogFile

  • Symantec Management Agent (SMA): HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile

Value NameRecommended (Agent)Recommended (Server)Data TypeDescription
Severity255 (0xFF)255 (0xFF)DWORDEnables Verbose, Trace, and all logging levels.
MaxFiles100200DWORDNumber of historical log files to retain.
MaxSize10002000DWORDMaximum size of each log file (in KB).
FilePathDefaultDefaultStringCustom storage location (leave blank for default).

Default File Paths:

  • SMP Logs: C:\ProgramData\Symantec\SMP\Logs (Files: aXX.log)

  • Agent Logs: C:\ProgramData\Symantec\Symantec Agent\Logs (Files: agentXX.log)

Section 2: Configuration via LogViewer2.exe

The LogViewer2.exe utility is the most efficient way to adjust settings on the fly without manual registry edits.

  1. Navigate to the Diagnostics folder on the SMP Server: C:\Program Files\Altiris\Diagnostics\.

  2. Launch LogViewer2.exe.

  3. Click Options > Log Options > NS Settings.

  4. Check the boxes for Trace and Verbose.

    • Tip: On a high-traffic Notification Server, it is recommended to increase MaxFiles rather than MaxSize to ensure the Log Viewer remains responsive when parsing data.

Section 3: Configuration via SMP Console (Server Only)

  1. In the SMP Console, go to Settings > All Settings.

  2. Navigate to Notification Server > Notification Server Settings.

  3. Select the Logging tab.

  4. Adjust the logging level to include Trace and Verbose.

Section 4: ULM Agent (Unix, Linux, Mac)

To enable debug logging on non-Windows endpoints, use the aex-helper utility via the terminal:

  1. Enable Verbose Logging:

    sudo aex-helper agent -s "Configuration" debug_level DEVNOTE

  2. Set Log Size to Unlimited:

    sudo aex-helper agent -s "Configuration" debug_file_size 0

  3. Restart the Agent to Apply:

    sudo /opt/altiris/notification/nsagent/bin/rcscript restart

Appendix: Severity Level Reference

The Severity registry key is a bitmask value. While 255 enables all levels, you can use specific decimal values for targeted troubleshooting:

  • 1 = Errors

  • 2 = Warnings

  • 4 = Information

  • 8 = Trace

  • 16 = Verbose

  • 255 = Full Logging (All options enabled)

Alternative Method: Automated Diagnostic Tasks

For environments requiring logging changes across multiple endpoints, we have created specific Tasks to automate these registry modifications.

  • Reference: Please see Altiris Diagnostic Tasks for downloadable tasks that can be imported into the SMP Console to apply these settings remotely.

[!IMPORTANT] Disk Space Warning: Increasing log size (MaxSize) and retention counts (MaxFiles) will consume additional disk space. Ensure the target drive (typically C:) has sufficient overhead before applying these changes to prevent service interruptions.

Additional Information

Please see KB Altiris Diagnostic Tasks for Tasks that can be imported to the SMP Console to make these Registry changes for you.

Powered by Wolken Software