DevOps Zone is brought to you in partnership with:

Doug Rathbone is a software architect working in Ad land. He is passionate about software design and automation, and regularly contributes to a number of industry sites on these topics. Douglas is a DZone MVB and is not an employee of DZone and has posted 60 posts at DZone. You can read more from them at their website. View Full User Profile

Set Up Scheduled Log File Cleaning for Windows Servers Running IIS

12.21.2012
| 4646 views |
  • submit to reddit

These days IIS has so many bells and whistles installed that it can be hard to find the settings panel that does what you want it to do (or if you’re an IIS 5/6 guy like me you may just get lost in general some times). The one thing that is lacking as a feature in IIS is log file recycling. If you manage an IIS installation of any decent size, you’ll know first hand how quickly log files can fill up a server’s hard disk, and bring it to its knees if not managed properly – how do i take care of this?

What is the problem?

IIS creates a new log file everyday and fills it with information about every request it has served.

An example log file:

2011-01-22 00:00:00 192.168.1.1 GET /1893/1181.png - 80 - 118.208.178.247 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13+(+.NET+CLR+3.5.30729) 404 0 2 562
2011-01-22 00:00:00 192.168.1.1 GET /1894/1180.png - 80 - 118.208.178.247 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13+(+.NET+CLR+3.5.30729) 200 0 0 593
2011-01-22 00:00:00 192.168.1.1 GET /1894/1181.png - 80 - 118.208.178.247 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13+(+.NET+CLR+3.5.30729) 200 0 0 593
2011-01-22 00:00:00 192.168.1.1 GET /1892/1180.png - 80 - 118.208.178.247 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.2.13)+Gecko/20101203+Firefox/3.6.13+(+.NET+CLR+3.5.30729) 404 0 2 593

Depending on the types of sites you are hosting, you may only need to keep these log files for a set period of time, such as 30 or 60 days. Obviously you have to weigh this number up depending on your circumstances, taking into account all the possible reasons you may actually want to keep your log files:

  • Do you run traffic statistic programs that require you keeping your logs longer than 60 days to see trending etc?
  • Do you need to keep you logs for a certain amount of time to do security auditing in the case of a hacker/defacement?

In most cases, i believe somewhere between 30 - 60 days is a pretty optimal time to keep your servers’ IIS log files, as in the case of an incident such as a security intrusion, you will know that you need to review the logs before this 60 day period anyway as in most cases it will be pretty clear something has happened and that your log file need reviewing, in a retroactive sense (obviously this is not the best way to find out about an intrusion, but I'm talking from the context of log file management).

So the kind of solution we really need is a way for us to delete our old IIS logs once a day depending on their last modified dates. This simple functionality would be a great little function to add to IIS, but as it stands, it doesn’t look like it’s going to happen anytime soon.

A Potential Solution

Many years ago when i used to work in network infrastructure management, i came across a simple VBScript written by a guy that operated under the name of simply MAK that i have since seen many places – i have lost the original authors’ site, so if you know of it let me know by commenting below. What is does is take a directory (and its recursive children), a number signifying the oldest files to keep by number of days old, and a log file path to write all its output to.

Start by copying the script below into notepad and saving it as LogFileCleaner.vbs. You can put this anywhere, as long as you update any paths shown below in further steps.

For clarity i will be placing mine under the path C:\LogCleaner\

' Objective: To delete old files from a given folder and all subfolders below
'
' Created by: MAK June 21, 2005
'
' Format: cscript deloldfiles.vbs {DriveLetter:\FolderName} {#ofDays}
'     or: cscript deloldfiles.vbs {\\servername\FolderName} {#ofDays}
' Example: cscript deloldfiles.vbs c:\dba\log 3
'    (deletes files older than 3 days from the \dba\log file on drive C:)
Set objArgs = WScript.Arguments
FolderName =objArgs(0)
Days=objArgs(1)

set fso = createobject("scripting.filesystemobject")
set folders = fso.getfolder(FolderName)
datetoday = now()
newdate = dateadd("d", Days*-1, datetoday)
wscript.echo "Today:" & now()
wscript.echo "Started deleting files older than :" & newdate 
wscript.echo "________________________________________________"
wscript.echo ""
recurse folders 
wscript.echo ""
wscript.echo "Completed deleting files older than :" & newdate 
wscript.echo "________________________________________________"

sub recurse( byref folders)
  set subfolders = folders.subfolders
  set files = folders.files
  wscript.echo ""
  wscript.echo "Deleting Files under the Folder:" & folders.path
  wscript.echo "__________________________________________________________________________"
  for each file in files
    if file.datelastmodified < newdate then
      wscript.echo "Deleting " & folders.path & "\" & file.name & " last modified: " & file.datelastmodified
      on error resume next
' === to test this script but not actually delete files, comment out the next line ===
    file.delete
    end if
    
  next  

  for each folder in subfolders
    recurse folder
  next  

  set subfolders = nothing
  set files = nothing

end sub

Now create a batch file that calls this VBScript with all the paths that you store log files in, and save this asCleanLogs.bat in the same folder you created the above VBScript.

My example below sets the boundary file date as 60 days ago and points at the default iis log folder (C:\inetpub\logs\LogFiles). This will delete all log files older than 60 days old.

cscript c:\logcleaner\LogFileCleaner.vbs C:\inetpub\logs\LogFiles 60 >> c:\logcleaner\cleaner_log.log

Save this file

Now we need to schedule this batch file to run, so Open Task Scheduler and click on the right hand side menu option “Create Basic Task

image

In the new windows, enter a name for your new scheduled task – in the screen grab below I'm calling mine “IIS Log Cleanup” and click Next

image

Set the trigger for when to run your task as Daily and Click Next (this can be set to any schedule you want, however I'm going to run mine every day)

 image

Now enter the time you want this to run this log file clean out every day – I've set mine to 12am. Then ClickNext

 image

Select “Start a program” and click Next

 image

Now click on Browse and browse to the BAT file we created above @ c:\logcleaner\cleanlogs.bat and when done click Next

On the next page, check the box marked “Open the Properties dialog for this task when i click Finish”and then click finish

image

In the new window click on the button marked Change User or Group next to the security options area of the dialog. This allows us to specify what user the task will run as.

image

Enter the user SYSTEM and click OK

image

Click OK again, and you’re done!

Feel free to run your task manually by right clicking the task and selecting Run

Alternatively you can modify the vbscript created in step one by commenting out the line that does the delete – this will allow you to run the task and see in the log file all the files that would be deleted if run without this line commented out.

Now go have some form of tasty beverage and rejoice in (hopefully) never having your server run out of space from log file storage again.

Some ideas to go home with

If you don’t like the idea of “deleting” your log files every 60 days and instead just want to move them from the log files path, you can easily modify the above script to copy your logs somewhere off-server for archival.

Additionally, if you use my SQL EXPRESS Backup Schedule as per my previous post, you can use the above to also clean out the dated database backups i creates, so that any backup older than say, a week or two gets deleted.

Published at DZone with permission of Douglas Rathbone, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)