How "Archive log files that are older than" settings works
search cancel

How "Archive log files that are older than" settings works

book

Article ID: 245097

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Under the SMP Console > Settings menu > All Settings >Notification Server > Notification Server Settings > Logging tab, there is this setting called "Archive log files that are older than",

How does this work?
What does this setting do?
Can we use this setting to "keep" NS logs for a longer time, like six months (180 days) work of NS logs?

Environment

ITMS 8.5, 8.6

Resolution

This setting archives NS logs that meet the criteria based on the time range selected on this option. By default this setting is turned off.  As example, we will use the default  "1 days"

When "NS.NS Log Archive Schedule.{4754ff9c-911b-4d67-9eb0-4d530fb456ab}" scheduled task will be executed at 05:00 AM, it will archive all available NS logs older than 1 day and remove them from
"C:\ProgramData\Symantec\SMP\Logs" so there will be no duplicate logs remaining for next day Archiving logs task execution.

All daily archived logs will be stored in "C:\ProgramData\Symantec\SMP\Logs\Archive"
--/// Checked that if there will be 200 log files with 2mb size, then their zipped summary size will be ~44mb.

All these zipped logs can be successfully drag and drop in opened Altiris Log Viewer and reviewed (no need to unzip them to see them in Log viewer)

Note:
After 1 year there will be a lot of archived log files on NS, so a customer should manually delete very outdated archived logs from C:\ProgramData\Symantec\SMP\Logs\Archive" location. SMP Server doesn't have functionality to purge outdated archived NS log files.

 

The purpose to keep 6 month logs depends on HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Event Logging\LogFile\ "MaxFiles" registry value otherwise if logs aren't yet archived, they will be overwritten when "MaxFiles" size will be exceeded.

We understand that 200 log files with size 2mb each log file, will not be overwritten on SMP Server per 1 day (If there is no additional trace/verbose logging enabled and this SMP Server isn't a Parent SMP server of other 4-6 Child SMP servers), therefore Customer can set to archive logs every 1 day (Or if Customer knows that there will be ~200 log files after 2-3 days on SMP Server, then set to archive logs after every 2-3 days then instead of every day).

We don't have any other way to accomplish this purpose to have 6 months NS logs retained on SMP Server... The only way is to maybe change a MaxFiles reg key and more often Logs Archiving schedule execution:

On the system click Start > Run > Regedit, and drill down to the appropriate Reg Key:

Notification Server:  HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Event Logging\LogFile

Agent:  HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile

Right-click and modify the following, or create them if they do not exist:

  • MaxSize  (DWORD in Kilobytes)
  • MaxFiles  (DWORD)

Attachments

Powered by Wolken Software