Manage IIS Log Files and purge those older than N days with a Powershell script or a batch file

IIS URL Rewrite: redirect di più nomi di dominio su un singolo hostname

Any System Administrator will agree that the Internet Information Services log files are an invaluable resource for any Web Server machine, since they are the only built-in tool that allows to effectively keep track of what happens among the web sites and services configured within the system: who requests what, where they are from, and a lot of useful informations regarding our visitors and guests. To see a list of the available info we can collect with the help of this feature, we can visit this official page who documents the W3C Extended Log File Format, which Microsoft adopted since IIS 6.0.

Overwiew

Needless to say, we're also free to choose what we want to track: we can enable or disable each one of the aforementioned fields by opening the IIS Manager, double-clicking on the Logging and act accordingly, as shown in the screenshot below:

iis-logging-screenshot

Like we said above, activating the logging feature is not a choice: a good administrator should always keep it enabled for a number of good reasons, including - yet not limiting to - statistical purposes. Just to make a quick example, guess what it could happen if someone tries to use the "file upload" feature available through one of your websites to send banned, restricted, forbidden or copyrighted content: as a result of this the local authority could run an investigation out of your system, which you could easily pass by showing your IIS logs together with a proper explanation of what really happened... unless you turned that feature off to save HDD space!

The problem

Now that we acknowledged the importance of keeping the IIS logging enabled, we need to find a way to optimize the required HDD space that such a useful feature will take. The log files are big and subject to grow fast, expecially if you're getting lots of visitors, since they will store data for each incoming request. Just to make a quick example, this website - which has roughly 10.000 visits per day - generates a ~300Kb log file on each and every day: we're talking about hundreds of megabytes every year, not to mention that it will stack with any other website hosted on that machine (IIS will create a folder for each one of them).

What can we do to reduce the impact of these log files?

The Solution

In order to leverage the weight of the log files in terms of HDD space, we can activate the following workarounds:

  • Enable the File Compression feature on the main folder containing all the IIS logs.
  • Setup an automatic procedure to purge the log files older than N days.

Luckily enough, we can implement both of these in a matter of minutes: here's how we can do that.

Enable the File Compression feature

The first thing we need to do is to locate the folder used by IIS to store all the log files. To do this, open the IIS Manager, double-click on the Logging icon and take a look to the path contained in the Log File Directory textbox. This should be something like

%SystemDrive%\inetpub\logs\LogFiles

, as shown in the screenshot below:

iis-manager-logging-screen

Once located, all we have to do is to find it using the Windows File Manager, right-click on it, going into Properties, navigate through General > Advanced and enable the File Compression feature in there.

windows-enable-file-compression

When the system asks to also compress the included files and folders, click OK: however, before doing that, it could be wise to stop the IIS service to ensure that the log files for the current day will be compressed as well. To do that, open a Command Prompt with administrative priviledges and type  iisreset /STOP; then, when the compression is over, it can be started again by typing iisreset /START. Once done, the LogFiles folder will become blue, meaning that it became a compressed folder (i.e. containing compressed files): this will save your more than 50% of the space normally required by the log files.

Purge the Log Files older than N days

File Compression can be great for log files, but it won't save us when we're dealing with high-traffic web sites, expecially when they've been running for many years. The best thing we can do to deal with these scenarios is to setup an automatic cleanup of all log files older than N days, so that we keep only the most recent ones - leaving the others to our backup procedure (assuming we do have one). In most cases, a good value for N can be 180, which is fully compliant with the EU regulations regarding system log files.

To do so, we can either use PowerShell or a simple (but slower) batch file: both alternatives are viable enough, it's just a matter of what you like the most.

PowerShell

IMPORTANT: If your PowerShell console throws an error on

$PSItem.LastWriteTime

, try using

$_.LastWriteTime

instead.

File Batch

As soon as you create the script file, you can easily make it running daily by configuring a dedicated entry within the built-in Windows Task Scheduler. The task will be extremely fast, as it only has to delete a small amount of files, so it can run at anytime without impacting your web server performance: you won't even have to stop/start the IIS service, since those files will never be in an open state.

That's it for now: happy logging!

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

3 Comments on “Manage IIS Log Files and purge those older than N days with a Powershell script or a batch file”

  1. Pingback: UC Unleashed » Function: Remove-IisLogFiles – Purging Old IIS Log Files with PowerShell
  2. Pingback: Delete files older than X days from FTP folder with a batch file in Windows

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

This site uses Akismet to reduce spam. Learn how your comment data is processed.