Enabling Severity Stream (ia, wa, ea, ta, va) logs


Article ID: 245474


Products

IT Management Suite

Issue/Introduction

What are the NS logs that start with ea, wa, ia, ta, va under the Logs folder?

Environment

ITMS 8.x

Resolution

NS logs that start with "ia, wa, ea, ta, va" are severity stream logs. They are turned off by default but can be enabled easily while troubleshooting an issue.

These "severity streams" are a copy of the NS logs based on the "Log Severities" that you have turned on.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=oL7prhCmE3esB0gT11X0Jg==

To turn on these "Severity Streams" NS logs, go to the Altiris log viewer > Options > Log Options > NS Settings tab. The Severity Streams section lists the available options that you can turn on.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=771ba4aJ2Ck3rDGNb4x1jg==

As the Altiris log viewer UI says:
If any of severities are checked, the SMP will use different file streams when writing log of such severity.
Default file name for log files of such streams will be prefixed by stream marker characters:

e = Errors, w = Warnings, i = Informational, t = Trace, v = Verbose

All these logs are saved under the default NS log location "C:\ProgramData\Symantec\SMP\Logs".

As mentioned, these are a copy of the regular "Severity" logs that you have turned on. When both types are turned on (Loggable Severity and Severity Stream), a separate copy of that "severity type" is created as a unique entry for review later on.

We use these "Severity Streams" logs when we are troubleshooting an issue and are concerned that the logs may be overwritten because we can't review the NS logs in the same period of time when the issue occurs. For example, if I need to capture "Trace" log verbosity because an issue occurs at 3am, I know I can't grab the NS logs at that time, and the NS logs are usually overwritten too quickly because other messages are coming in, I go to the Altiris log viewer and check the box for the "Trace" loggable severity and also the "Trace" severity stream.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=UZDBsvw/EzyHcxIazxw+nw== 

That way, the NS logs include the "Trace" level entries in what is being logged, and a separate "ta" NS log is created that keeps all the "Trace" type entries in a separate log file that can be reviewed later on.

You can also see which "Severity Streams" are turned on from what the registry has under the HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Event Logging\LogFile\SeverityStreams regkey:

In this example, "8" means only the "Trace" severity stream is turned on.

Since these "severity stream" logs are not overwritten, they can pile up quickly and fill the log folder if the "severity streams" are left turned on after troubleshooting is done. After troubleshooting is done, turn off any of the "Severity Stream" log options to avoid unnecessary log files.
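The following PowerShell check is an added example, not part of the original article or of the product: it reports the raw SeverityStreams registry value and how much space each stream's files occupy in the default log folder, so streams left on after troubleshooting are easy to spot. It assumes SeverityStreams is a value under the LogFile key and that stream files can be recognized by their two-letter name prefix alone; the function names are hypothetical.

```powershell
# Added example: inventory severity stream logs on an SMP server.
# Assumptions (not from the article): SeverityStreams is a value under the
# LogFile key, and stream files are identified by their name prefix alone.
$LogDir  = 'C:\ProgramData\Symantec\SMP\Logs'   # default NS log location per the article
$RegPath = 'HKLM:\SOFTWARE\Altiris\eXpress\Event Logging\LogFile'
# Stream marker characters as listed in the Altiris log viewer UI.
$Markers = [ordered]@{ e = 'Errors'; w = 'Warnings'; i = 'Informational'; t = 'Trace'; v = 'Verbose' }

function Get-SeverityStreamSetting {
    param([string]$Path = $RegPath)
    # Returns the raw registry value, or nothing when the key or value is absent.
    $prop = Get-ItemProperty -Path $Path -Name 'SeverityStreams' -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $prop.SeverityStreams }
}

function Get-SeverityStreamUsage {
    param([string]$Directory = $LogDir)
    if (-not (Test-Path -LiteralPath $Directory)) { throw "Log folder not found: $Directory" }
    $files = @(Get-ChildItem -LiteralPath $Directory -File)
    foreach ($m in $Markers.Keys) {
        # Select files whose names start with the marker followed by "a" (ea, wa, ia, ta, va).
        $hits  = @($files | Where-Object { $_.Name -like "${m}a*" })
        $bytes = ($hits | Measure-Object -Property Length -Sum).Sum
        $byAge = @($hits | Sort-Object LastWriteTime)
        [pscustomobject]@{
            Prefix = "${m}a"
            Stream = $Markers[$m]
            Files  = $hits.Count
            SizeMB = [math]::Round([double]($bytes / 1MB), 1)
            Oldest = ($byAge | Select-Object -First 1).LastWriteTime
            Newest = ($byAge | Select-Object -Last 1).LastWriteTime
        }
    }
}

$setting = Get-SeverityStreamSetting
if ($null -eq $setting) { 'SeverityStreams: value not present' }
else { "SeverityStreams raw value: $setting (the article documents only 8 = Trace)" }
Get-SeverityStreamUsage | Format-Table -AutoSize
```

A stream whose Newest timestamp keeps advancing after the troubleshooting session has ended is still enabled and still adding files to the folder.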

Additional Information

“How to configure logging on the Notification Server and an Altiris Agent computer”. KB 179702
“Notification server (SMP) and agent log directory”. KB 171848
“ITMS Location of log files”. KB 156111