The explanation of the entries are contained below. Here I will put the recommended values when troubleshooting issues:
- Severity = ff (hex value), or 255 (decimal value)
- Agent: 100 (decimal value)
- Server: 200 (decimal value)
- Agent: 1000 (decimal value)
- Server: 2000 (decimal value)
The above values are typically what we use in Symantec Support in order to troubleshoot issues. the only item for consideration is the increased logging will take more space on the disk. Make sure you have enough space for the values selected.
In Altiris 7 and 8, the Altiris Agent logging is controlled registry values in the registry key:
- HKLM\Software\Altiris\Altiris Agent\Event Logging\LogFile
In Altiris 7, the Notification Server is controlled registry values in the registry key:
- HKLM \Software\Altiris\eXpress\Event Logging\LogFile
The same registry values apply to both Altiris Agent and NS logging.
FileName: The naming convention for these logs (String value)
- Agent default: agent.log
- NS default: a.log
FilePath: Folder path where the log files will be stored; (String Value)
- Agent defaults:
- Windows XP: C:\Program Files\Altiris\Altiris Agent\Logs\
- Windows 7: C:\Users\Public\Public Documents\Altiris\Altiris Agent\Logs\
- Windows 7: C:\ProgramData\Symantec\Symantec Agent\Logs
- NS defaults:
- Versions 7.0.x: C:\Program Files\Altiris\Notification Server\Logs\
- Versions 7.1 and later: C:\ProgramData\Symantec\SMP\Logs\
MaxFiles: Maximum number of log files to create; (DWORD Value)
- Agent default: 10 (files)
MaxSize: Maximum size of each log file (in KB); (DWORD Value)
Severity: The level of logging to be recorded; (DWORD Value)
- Agent default: value not set, will Error, Warning & Informational messages
- NS default: same as Agent
- These values can be modified on the client as well as on the server.
- The NS logging severity level can be set in the Altiris Console In Altiris 7: Settings > All Settings; Notification Server > Notification Server Settings; Logging (tab); In Altiris 6: the Error Logging Advanced setting in the Configuration tab. The Console will only set the registry value if trace logging level is enabled.
- When the logs are generated, a.log is always the current log and when the max size is reached, it becomes a1.log. The next one would be a2.log and so on until the max files is reached. At that point you may begin to lose data unless archiving or purging kicks in.
- Very large log files sizes on the Notification Server can result in poor performance when viewing from the Web console, so you may be better off increasing the MaxFiles rather than the MaxSize.
- The Agent will not create more than one day of logs regardless of the MaxFiles and PurgeDays settings if the FilePath value is not also specified. This will only be an issue for a 6.0 Agent which was upgraded from NS Client 5.x. NS Client created only the FileName value where the Agent install creates both FileName and FilePath.
There are four main levels of severity logging, and they are:
The registry Severity key can be manually adjusted to the desired logging level (these are Decimal values):
1 = Errors
2 = Warnings
3 = Errors and Warnings
4 = Information
5 = Errors & Information
6 = Warnings & Information
7 = Errors, Warning & Information
8 = Trace
9 = Errors and Trace
10 = Warnings and Trace
11 = Errors, Warnings, and Trace
12 = Information and Trace
13 = Errors, Information, and Trace
14 = Warnings, Information, and Trace
15 = Errors, Warnings, Information, and Trace
255 = Verbose logging