Logs are wonderful! Both on the server and on the clients, logs will provide data when problems occur. They also give you informational messages about routine procedures. When a problem is occurring getting trace logs will enable you or a Support Rep to much more easily diagnose where the problem is occurring. While standard logging will capture errors, trace logging will provide additional details for both the Server and Client.
The following details can be used to enable logging. Because trace logging takes a lot more space, you can also use these details to increase the size of each log, and how many log files are generated before it rolls over and begins overwriting previous logs. In the data below I’ve only included pertinent data to the troubleshooting process.
The Altiris Agent logging is controlled by registry values in the registry key:
- HKLM\Software\Altiris\Altiris Agent\Event Logging\LogFile
The Notification Server logging is controlled by registry values in the registry key:
- HKLM \Software\Altiris\eXpress\Event Logging\LogFile The same registry values apply to both Altiris Agent and NS logging.
FilePath: Folder path where the log files will be stored; (String Value)
C:\ProgramData\Symantec\Symantec Agent\Logs\
Versions 7.1.x: C:\ProgramData\Symantec\SMP\Logs\
MaxFiles: Maximum number of log files to create; (DWORD Value)
- Agent default: 10 (files)
MaxSize: Maximum size of each log file (in KB); (DWORD Value)
Severity: The level of logging to be recorded; (DWORD Value)
- Agent default: value not set, will Error, Warning & Informational messages. NS default: same as Agent
RECOMMENDATIONS:
- Severity = ff (hex value), or 255 (decimal value)
- MaxFiles
- Agent: 100 (decimal value)
- Server: 200 (decimal value)
- MaxSize
- Agent: 1000 (decimal value)
- Server: 2000 (decimal value)
The above values are typically what we use in Symantec Support in order to troubleshoot issues. the only item for consideration is the increased logging will take more space on the disk. Make sure you have enough space for the values selected.
Additional information:
- These values can be modified on the client as well as on the server.
- The NS logging severity level can be set in the Altiris Console In Altiris 7: Settings > All Settings; Notification Server > Notification Server Settings; Logging (tab); The Console will only set the registry value if trace logging level is enabled.
- When the logs are generated, a.log is always the current log and when the max size is reached, it becomes a1.log. The next one would be a2.log and so on until the max files is reached.
- Very large log files sizes on the Notification Server can result in poor performance when viewing from the Web console, so you may be better off increasing the MaxFiles rather than the MaxSize.
- The Agent will not create more than one day of logs regardless of the MaxFiles and PurgeDays settings if the FilePath value is not also specified. This will only be an issue for a 6.0 Agent which was upgraded from NS Client 5.x. NS Client created only the FileName value where the Agent install creates both FileName and FilePath.
There are Five main levels of severity logging, and they are:
- Errors
- Warnings
- Information
- Trace
- Debug
The registry Severity key can be manually adjusted to the desired logging level (these are Decimal values): 1 = Errors
- = Warnings
- = Errors and Warnings
- = Information
- = Errors & Information
- = Warnings & Information
- = Errors, Warning & Information
- = Trace
- = Errors and Trace
- = Warnings and Trace
- = Errors, Warnings, and Trace
- = Information and Trace
- = Errors, Information, and Trace
- = Warnings, Information, and Trace
- = Errors, Warnings, Information, and Trace
255 = Verbose logging (includes Debug)
Here is an example of a registry increased to trace logging with more files with larger sizes:
This logging is essential when troubleshooting client-side issues with gathering inventory. When used in conjunction with Agent trace logging, a lot of data can be gathered. Verbose logging is enabled per Inventory Policy.
- In the Symantec Management Console, browse under Manage > Policies.
- In the left-hand pane, browse under Discovery and Inventory > Inventory > and select the desired policy.
- Click the Advanced button.
- Click the Run Options tab.
- Check the option labeled Enabled verbose client logging.
- Click OK, and then Save changes to apply verbose logging. Done!
- NOTE: Only use this for troubleshooting purposes. Turn it off after the desired data has been gathered at the client.
NOTE: If you are gathering verbose logging for the File Scan, the amount of logs required on the client may be great. Each file scanned is logged, so the amount of logging will be vast.
NOTE #2: Remove any inventory not involved in your troubleshooting. For example if the issue is only with the Hardware based inventory, uncheck the options for Software – Windows Add/Remove Programs, File properties, and Server applications. Furthermore, if you know it is only the hardware and not OSbased data classes, go into Advanced, under the data classes tab and uncheck all but the Hardware section. Lastly, if you know the specific data class you are troubleshooting select only that one in the Advanced. This makes it much easier to search through the logs for the desired data.