To provide better understanding regarding Notification Server activity and error logging, the questions below have been asked:
1. After browsing to the Configuration>Server Settings>Notification Server Settings>Error Logging page, if the option "Archive log files that are older than 7 Days" is enabled, should the log files that are active span a 7 day time frame, or should there be a total of 7 days in each log file created?
2. Where are the log files stored and what is the naming convention of the files if they are stored in different locations?
3. What procedure is used to determine if log files should be deleted? If this procedure is time/date related, would it be the entry time in a log file or is it the date that the log file was created?
4. Is there a setting that can be configured to control the maximum number of log files that can be created?
1. When enabling this option, if the time value is set for 7 days, then all of the active log files should span a 7 day time frame, based on the date of the oldest log file. Any log files with a date older than 7 days from the latest a.log file will be archived. Archival of these files is accomplished by a series of stored procedures called from a scheduled task - NS.NS Log Archive Schedule. This task runs at 5:00 am daily. It populates the Evt_NS_Log table in the Notification Server database.
2. The names of the log files can be changed by modifying the registry key HKLM\Software\Altiris\Express\Event logging\logfile\FileName. By default, the naming convention is a.log. The naming convention can be changed. For example, if a new naming convention called Altiris were desired, then the log file would be called Altiris.log. As the size of the first log file meets the configured MaxSize value, the existing Altiris.log file would be renamed to Altiris1.log and a new Altiris.log file would be created. As this continues to occur, the name increments by 1 (Altiris2.log, Altiris3.log....) as the count needs to grow.
The location of the log files are controlled by the registry key - HKLM\Software\altiris\express\event logging\logFile\FilePath. This registry key can also be changed.
3. The combination of HKLM\Software\Altiris\eXpress\Event Logging\LogFile\MaxSize and HKLM\Software\Altiris\eXpress\Event Logging\LogFile\MaxFiles, combined with the file date, determine the rotation, deletion, and, if configured, archiving of the log files. Both of these registry keys are DWORD values. MaxSize is set to 200 by default (this value is in KB). As soon as the first file is full, the existing file is renamed to a1.log, and a new a.log is created, and so on until the MaxFiles value (default is 50) is reached. Then, if archiving is enabled and the archive time (7 days by default) is exceeded, the files will be archived as explained in answer 1 above. If archiving is not enabled, then the oldest files are successively overwritten. This last scenario can result in log information being lost.
4. Yes, as shown above in answer 3. The registry key HKLM\Software\Altiris\eXpress\Event Logging\LogFile\MaxFiles controls this. This is a DWORD value and is set to 50 by default.
Imported Document ID: HOWTO5628
Subscribing will provide email updates when this Article is updated. Login is required.