Reviewing 2 or more sets of agent/NS logs at the same time using Altiris Log Viewer

Article ID: 411572


Products

IT Management Suite, Client Management Suite

Issue/Introduction

This article provides step-by-step instructions on how to effectively use the Altiris Log Viewer to review and differentiate logs from multiple client machines, Site Servers, and NS (Notification Server) logs simultaneously. This method is particularly useful for troubleshooting issues by identifying patterns or errors across various systems within a specific timeframe.

Environment

ITMS 8.x

Resolution

The Altiris Log Viewer (also known as NS Log Viewer; see the Altiris Log Viewer User Guide) lets you monitor several log locations for different components, such as IT Management Suite, Symantec Management Agent, and Symantec Installation Manager. It is a WinForms executable that lets you view the Notification Server logs.
The Altiris Log Viewer is installed by the Diagnostics package during the initial installation of the Symantec Management Platform. The altiris_diagnostics_[product-version]_x64.msi is located at …\Program Files\Altiris\Symantec Installation Manager\Installs\Altiris.

The Log Viewer lets you perform the following tasks:

■ View error, warning, informational, trace, and verbose messages.
■ Search the logs and view the results.
■ Bookmark the log items.
■ Filter the logs to display a subset of messages.
■ Save the filter definitions for later use.
■ Search log files without loading them into the Log Viewer.

It can be accessed mainly in 2 ways:

  1. On the SMP Server computer, click Start, and then click Symantec > Altiris Log Viewer.



  2. You can also launch it by running the LogViewer2.exe file, which is located at the following path:
    …\Program Files\Altiris\Diagnostics



    NOTE:
    You can manually copy LogViewer.exe and run it from a client machine or from one of your Site Servers in order to review your agent logs as needed.

1. Collect Logs from All Sources

Gather all necessary log files and organize them into a single main folder. Within this main folder, create sub-folders for each "source" (e.g., Client Machine A, Site Server X, NS Server). This organization helps in easy identification and management of logs from different systems.

2. Load Logs into Altiris Log Viewer

  1. Open the Altiris Log Viewer.
  2. Stop any active monitoring or data collection within the viewer.
  3. Clear any existing data in the viewer to ensure a fresh import.
  4. Drag and drop the entire main log folder (containing all sub-folders) directly into the Altiris Log Viewer. All log files will be imported, allowing you to view millions of rows of data efficiently, provided you have sufficient RAM.

Note: This method is for reviewing collected logs and does not provide real-time monitoring of incoming messages from foreign sources.

3. Set Schema to Colorize by Host

To visually differentiate log entries from each endpoint:

  1. Navigate to the coloring schema settings within the Altiris Log Viewer.
  2. While there is a default schema that colors by module, edit or create a new schema to colorize by "host." This will assign a unique color to log entries originating from different client machines, site servers, or the NS server, making it easier to track events from specific systems.

4. Navigate to a Specific Date and Time Range

To focus on a particular time-frame:

  1. Use the "Navigate to Date" button in the toolbar of the Altiris Log Viewer.
  2. Specify the desired date and time range (e.g., between 8:00 AM and 8:30 AM).
  3. If this range is loaded into the current view, the matching messages will be found and highlighted (typically with a yellow background), allowing you to quickly identify events within your specified period across all reviewed systems.
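The folder layout from step 1 can be staged with a script that also reports whether each source's files appear to reach the time window you plan to open in step 4. This is an added example, not part of the vendor article; the function name `Copy-LogSet`, the source names, the share paths, the `C:\LogReview` folder and the dates are all placeholders to replace with your own.

```powershell
# Added example, not vendor code. Stages logs as <MainFolder>\<source name>\...
# and reports, per source, whether the copied files likely cover the review window.
function Copy-LogSet {
    param(
        [Parameter(Mandatory)] [hashtable] $Sources,     # source name -> folder holding its logs
        [Parameter(Mandatory)] [string]    $MainFolder,  # folder later dropped into Log Viewer
        [Parameter(Mandatory)] [datetime]  $From,        # start of the window under review
        [Parameter(Mandatory)] [datetime]  $To           # end of the window under review
    )
    foreach ($name in $Sources.Keys) {
        $src = $Sources[$name]
        # An unreachable or empty source still gets a row, so a gap is visible.
        $row = [ordered]@{
            Source = $name; Files = 0; Oldest = $null; Newest = $null
            LikelyCoversWindow = $false
        }
        if (Test-Path -LiteralPath $src -PathType Container) {
            $dest = Join-Path $MainFolder $name
            New-Item -ItemType Directory -Path $dest -Force | Out-Null
            # Copy-Item keeps each file's LastWriteTime, so times still reflect the source.
            $files = @(Get-ChildItem -LiteralPath $src -File)
            $files | Copy-Item -Destination $dest -Force
            if ($files.Count -gt 0) {
                $byTime = @($files | Sort-Object LastWriteTime)
                $row.Files  = $files.Count
                $row.Oldest = $byTime[0].LastWriteTime
                $row.Newest = $byTime[-1].LastWriteTime
                # Conservative, file-time-only check: the oldest file was last written
                # before the window starts and the newest after it ends. A source can
                # fail this check and still contain the window; open it to confirm.
                $row.LikelyCoversWindow = ($row.Oldest -le $From) -and ($row.Newest -ge $To)
            }
        }
        [pscustomobject]$row
    }
}

# Placeholder sources: one sub-folder will be created per key.
$sources = @{
    'NS-Server'    = '\\ns01.example.test\CollectedLogs'
    'SiteServer-X' = '\\site-x.example.test\CollectedLogs'
    'Client-A'     = '\\client-a.example.test\CollectedLogs'
}
# Constructed window matching the 8:00 AM to 8:30 AM example in step 4.
Copy-LogSet -Sources $sources -MainFolder 'C:\LogReview' `
    -From '2024-01-01 08:00' -To '2024-01-01 08:30' | Format-Table -AutoSize
```

A source reported with `Files` equal to 0 was unreachable or empty, so its absence from the combined view in Log Viewer should not be read as an absence of events on that system.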

Additional Filtering and Monitoring Options

Real-time Monitoring with "Watch Folders"

For real-time monitoring from different sources:

  1. Go to Files -> Watch Folders in the Altiris Log Viewer menu.
  2. Add network shares for each source you wish to monitor. Ensure the current user has the necessary permissions to access files in these shares.
  3. The Log Viewer will then monitor these folders in real-time for incoming messages.

Using "Walk Log Files" for Advanced Search/Filtering

To efficiently search through logs without loading their entire content:

  1. Go to File -> Walk Log Files in the menu to open the "Walk Log Files" dialog.
  2. Click "Get Files" in the toolbar (the first button from the left) to load file names from all currently monitored sources.
  3. Choose the criteria you want to find within these files (the dialog offers many options).
  4. Click the search button (located on the left side of the text input). The engine will scan all files and display only the matched rows, significantly speeding up the search process.

By following these steps, you can effectively utilize the Altiris Log Viewer to troubleshoot and analyze logs from multiple sources simultaneously, enabling a clearer understanding of system behavior during specific events.