I have been asked to look at remote access to a machine that is running Altiris Agent. Whereabouts does Altiris keep its log? Does it keep details of who and when the machine was accessed remotely?
First Google search result gave me this info:
Problem
Where does the Altiris Agent store its logs on Windows Vista and later systems?
Solution
Under the 6.0 Altiris Agent line, the location can be determined in the Registry at "HKLM\SOFTWARE\Altiris\eXpress\Event Logging\LogFile", under the "FilePath" location. By default, this would be the installation folder:
C:\Program Files\Altiris\Altiris Agent\Logs
However, due to enhanced security in Windows Vista and later operating systems, where processes that run with User credentials do not have elevated rights to modify files in the Program Files location, this path cannot be used. Instead, Windows mirrors that location to a virtual store, which appears to be in C:\Program Files by our Log viewer. The path is specific to the User account the process runs as, meaning entries created during a Software Delivery or Inventory job run as a User account will be stored under that User profile, as follows:
%UserProfile%\AppData\Local\VirtualStore\Program Files\Altiris\Altiris Agent
Because of this security model, in Symantec Management Platform 7.0, the default Agent log path is already under the User folder. Found in the Registry at "HKLM\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile", under the "FilePath" entry, all logs can be written to this location:
C:\Users\Public\Public Documents\Altiris\Altiris Agent\Logs\
Source http//
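The lookup described in the quoted article, as an added example that is not part of the article or of any post in this thread: a read-only PowerShell script that collects the candidate log folders (registry "FilePath" values, the two default folders, and each user profile's VirtualStore copy) and lists the files found with their timestamps. It assumes PowerShell 3.0 or later and an elevated prompt so other users' profiles are readable; the variable names are illustrative.

```powershell
# Added example: locate Altiris Agent log folders on a Windows host (read-only).
# Registry keys, the "FilePath" value name and folder paths are those quoted in the article.
$regKeys = @(
    'HKLM:\SOFTWARE\Altiris\eXpress\Event Logging\LogFile',        # 6.0 agent line
    'HKLM:\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile'   # Symantec Management Platform 7.0
)
$candidates = New-Object 'System.Collections.Generic.List[string]'

# 1. Configured log location(s) from the registry.
foreach ($key in $regKeys) {
    $prop = Get-ItemProperty -Path $key -Name FilePath -ErrorAction SilentlyContinue
    if ($prop -and $prop.FilePath) { $candidates.Add($prop.FilePath) }
}

# 2. Default folders named in the article. "Public Documents" is the Explorer
#    display name of the CommonDocuments folder, so resolve it through the API.
$candidates.Add((Join-Path $env:ProgramFiles 'Altiris\Altiris Agent\Logs'))
$publicDocs = [Environment]::GetFolderPath('CommonDocuments')
$candidates.Add((Join-Path $publicDocs 'Altiris\Altiris Agent\Logs'))

# 3. Per-user VirtualStore copies: check every profile registered on the machine,
#    since entries land under the account the job ran as.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
Get-ChildItem -Path $profileList | ForEach-Object {
    $profilePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if ($profilePath) {
        $vs = 'AppData\Local\VirtualStore\Program Files\Altiris\Altiris Agent'
        $candidates.Add((Join-Path $profilePath $vs))
    }
}

# 4. List files under every location that exists, newest first.
$candidates | Select-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -File -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTime, LastWriteTime
    } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

Working from copies of the files it lists keeps the originals' timestamps intact for later comparison.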
Thanks, guys. I have located the log files. I am using the Altiris log viewer to access the logs. Does anyone know how to interpret these logs? Thanks.