Many times I saw site server with a full C:\ drive. The most common problem is that the internet information services (IIS) logs are growing without a limit.
These log files are normally stored under c:\inetpub\logs\LogFiles. What options do we have to solve this problem and get a solution for the future?
- Delete the logs manually on a periodic schedule
- Disable the IIS Logs
- Create a Task Scheduler entry on all IIS servers and run a script
- Create a Configuration Manager Settings Management Item
Option one and two are not really a solution. With option three we need manual actions on a server or a bigger script to create the scheduled task. Additionally it’s not possible to monitor these tasks centrally. So I will focus on the last option, which will use the Settings Management feature of Configuration Manager with a remediation action.
The following Script checks if there are file older than 7 days, then it reports a NonCompliance Value, otherwise Compliant.
if(Test-Path C:\inetpub\logs\LogFiles){ $files = get-childitem -Path C:\inetpub\logs\LogFiles -recurse | where-object {$_.lastwritetime -lt (get-date).addDays(-7) -and $_.Name -like "%.log"} $filesFound = $false $files | Foreach-Object { $filesFound = $true } if($filesFound){ Write-Host "NotCompliant" } else { Write-Host "Compliant" } }else { Write-Host "Compliant" }
To remediate and delete the older files I use this script:
$files = get-childitem -Path C:\inetpub\logs\LogFiles -recurse | where-object {$_.lastwritetime -lt (get-date).addDays(-7) -and $_.Name -like "%.log"} $filesFound = $false $files | Foreach-Object { Remove-Item $files -force }
Now you can create a settings management item and check how much disk space you could save, when you delete your IIS Log files. You can also download the settings management item here and import it to your ConfigMgr Environment. Before activating the remediation action try it out on some server for your own security.
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
0 Comments