Best IIS Log Cleaner Tools (Free and Paid) — Comparison & Setup Guide

Keeping IIS logs under control prevents disk exhaustion, eases troubleshooting, and meets retention/compliance needs. Below are practical tool options (free and paid), a comparison table, and step‑by‑step setup examples so you can pick and deploy the right solution quickly.

Quick comparison

| Tool | Type | Key features | Best for |
|---|---|---|---|
| PowerShell scheduled script | Free | Simple age-based deletes, highly customizable, no install | Single-server, minimal dependencies |
| IISLogCleaner (open-source) | Free / self-hosted | Windows service; age and low-disk thresholds, scheduled checks | Teams wanting a drop-in Windows service |
| GitHub / custom scripts (various) | Free | Community scripts (C#, VBScript, PowerShell) — adjustable | Admins who want code-level control |
| ManageEngine EventLog Analyzer | Paid (trial) | Centralized log collection, retention policies, alerts, reports | Multi-server environments requiring analysis + retention |
| SolarWinds Loggly / Loggly (SaaS) | Paid (tiered) | Cloud ingestion, search, indexing, retention, alerting | Organizations wanting SaaS log management and search |
| Elastic Stack (ELK) | Free / Paid (support) | Ingest/retain/index/search logs, lifecycle management (ILM) | Teams needing powerful search + retention at scale |
| Splunk | Paid | Enterprise-grade indexing, retention policies, alerts, compliance | Large enterprises with high-volume logs and budget |
| PRTG / Paessler | Paid (trial) | Monitoring + log collection plugins, alerting, retention settings | Ops teams wanting integrated monitoring + log rules |
| IIS Crypto / small utilities | Free | Focused utilities for IIS maintenance (not full cleaners) | Small shops needing simple IIS config/cleanup helpers |

When to use each category

  • Use PowerShell scheduled scripts when you have a single server or simple retention requirement (e.g., keep 30 days).
  • Use an open-source service (IISLogCleaner) when you want a persistent Windows service that enforces deletion rules and disk-threshold behaviors.
  • Use centralized/premium solutions (ManageEngine, Elastic, Splunk, Loggly) when you need log aggregation, search/analysis, compliance retention, and cross-server correlation.

Free option: PowerShell scheduled cleanup (recommended default)

  1. Create a script (save as C:\Scripts\IIS-Cleanup.ps1):

Code

# Delete IIS *.log files last written more than $DaysToKeep days ago
$DaysToKeep = 30
$Root = 'C:\inetpub\logs'
Get-ChildItem -Path $Root -Recurse -Filter *.log | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$DaysToKeep) } | Remove-Item -Force

  2. Test safely:
  • Run with pipeline output to list files before deleting:

Code

Get-ChildItem -Path 'C:\inetpub\logs' -Recurse -Filter *.log | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-30) }

  3. Schedule with Task Scheduler:
  • Trigger: Weekly or Daily
  • Action: powershell.exe -NoProfile -ExecutionPolicy Bypass -File "C:\Scripts\IIS-Cleanup.ps1"
  • Run as: SYSTEM or a domain account with file delete permissions
  4. Monitoring: add logging to script or enable task history; test restores from backups before mass deletion.
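
A hardened variant of the cleanup script, added here as an example and not part of the original guide. It supports a list-only run via -WhatIf, records every delete or failure, and never follows links or junctions inside the log tree. The -LogFile parameter, its default path, and the helper names Get-LogFile and Write-CleanupLog are assumptions.

```powershell
# Added example: hardened variant of C:\Scripts\IIS-Cleanup.ps1 (not the guide's original script).
# Run with -WhatIf for list-only mode; every delete or failure is appended to $LogFile.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateRange(1, 3650)][int]$DaysToKeep = 30,
    [string]$Root    = 'C:\inetpub\logs',
    [string]$LogFile = 'C:\Scripts\IIS-Cleanup.log'   # assumed location
)
$ErrorActionPreference = 'Stop'
$cutoff = (Get-Date).AddDays(-$DaysToKeep)

# Refuse a root that is missing, not a directory, or itself a link/junction.
$rootItem = Get-Item -LiteralPath $Root
if (-not $rootItem.PSIsContainer) { throw "$Root is not a directory" }
if ($rootItem.Attributes -band [IO.FileAttributes]::ReparsePoint) { throw "$Root is a reparse point" }

function Write-CleanupLog([string]$Action, [string]$Path, [string]$Detail) {
    # -WhatIf:$false keeps the audit trail even during a list-only run
    $line = "{0:o}`t{1}`t{2}`t{3}" -f (Get-Date), $Action, $Path, $Detail
    Add-Content -LiteralPath $LogFile -Value $line -WhatIf:$false
}

function Get-LogFile([string]$Dir) {
    # Manual recursion so links and junctions inside the tree are never followed
    foreach ($item in Get-ChildItem -LiteralPath $Dir -Force) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        if ($item.PSIsContainer) { Get-LogFile $item.FullName }
        elseif ($item.Extension -eq '.log') { $item }
    }
}

$removed = 0; $failed = 0
foreach ($file in Get-LogFile $rootItem.FullName) {
    if ($file.LastWriteTime -ge $cutoff) { continue }
    if (-not $PSCmdlet.ShouldProcess($file.FullName, 'Remove IIS log')) { continue }
    try {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-CleanupLog 'DELETED' $file.FullName "$($file.Length) bytes"
        $removed++
    } catch {
        Write-CleanupLog 'FAILED' $file.FullName $_.Exception.Message
        $failed++
    }
}
Write-CleanupLog 'SUMMARY' $rootItem.FullName "removed=$removed failed=$failed cutoff=$($cutoff.ToString('o'))"
if ($failed -gt 0) { exit 1 }   # non-zero exit shows up as a failed run in task history
```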

Free alternative: IISLogCleaner (Windows service)

  1. Download or clone the IISLogCleaner repo (GitHub).
  2. Edit app.config:
  • DaysToKeep
  • CheckIntervalMinutes
  • LowDiskThresholdMB
  • RootLogSearchDirectory
  3. Build (or use provided installer) and install service:
  • Use sc.exe or InstallUtil.exe per repo instructions.
  4. Run service under an account with delete rights and review Event Log entries.
  5. Advantages: runs continuously, supports disk-threshold deletes.

Centralized/paid options — deployment checklist

  1. Choose product by scale:
  • Small fleet + search: Loggly / ManageEngine
  • Large scale / self-hosted: Elastic Stack or Splunk
  2. Provision collectors/agents on each IIS host (Winlogbeat, syslog, agent).
  3. Configure ingest pipeline to parse IIS W3C logs (timestamps, fields).
  4. Set retention/ILM (Elastic) or index retention (Splunk/Loggly) to auto-delete/rollover.
  5. Add alerts for disk pressure and anomalous traffic.
  6. Test end‑to‑end: generate logs → ingest → search → retention expiry.

Practical retention recommendations

  • Non-critical sites: 30 days
  • Business/analytics important: 90 days
  • Compliance/security: follow policy (6–24 months) and archive before deletion
  • If disk is constrained, combine age-based retention with low-disk threshold deletes.

Permissions, safety, and testing

  • Run cleaners as accounts with least privilege required (delete rights only for log folders).
  • Always run in “list-only” mode to validate selection before deletion.
  • Ensure log backups or centralized ingest exist before purging if logs are needed later.
  • Schedule deletions during low-activity windows; monitor IIS and disk after initial runs.
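
An added example, not part of the original guide, tying the Task Scheduler step to the least-privilege advice above: it confirms that only SYSTEM and BUILTIN\Administrators can modify the script or its folder, then registers the task with the action line from the guide. The task name, the 02:00 daily trigger, the helper name Get-UntrustedWriter and the choice of trusted identities are assumptions.

```powershell
# Added example (not from the original guide): pre-flight ACL check, then task registration.
# Assumed: task name 'IIS-Cleanup' and a daily 02:00 trigger. Run from an elevated prompt.
$ScriptPath = 'C:\Scripts\IIS-Cleanup.ps1'
$TaskName   = 'IIS-Cleanup'

# Identities allowed to modify a script that runs as SYSTEM
$trusted = 'S-1-5-18', 'S-1-5-32-544'        # SYSTEM, BUILTIN\Administrators
# Write-type rights only (Modify/FullControl also carry read bits, so they are not used as masks),
# plus the raw GENERIC_ALL and GENERIC_WRITE bits that inherit-only ACEs can hold
$writeMask = [int][Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-UntrustedWriter([string]$Path) {
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if ([int]$ace.FileSystemRights -band $writeMask) {
            '{0}: {1} holds {2}' -f $Path, $ace.IdentityReference.Value, $ace.FileSystemRights
        }
    }
}

# Check the script and the folder that contains it
$findings = @(Get-UntrustedWriter $ScriptPath) + @(Get-UntrustedWriter (Split-Path -Parent $ScriptPath))
if ($findings.Count -gt 0) {
    $findings | Write-Warning
    throw 'Tighten the ACLs above before registering a task that runs this script as SYSTEM.'
}

# Full path to powershell.exe so the task does not depend on PATH resolution
$exe       = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$action    = New-ScheduledTaskAction -Execute $exe -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -Daily -At '02:00'
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal
```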

Example: Elastic Stack simple retention (self-hosted)

  1. Install Filebeat/Winlogbeat on IIS host, enable IIS module or configure file input for inetpub logs.
  2. Ship to Logstash/Elasticsearch or directly to ES.
  3. Create ILM policy:
  • hot → warm → delete (e.g., delete after 90 days)
  4. Assign index template to IIS indices so logs auto-expire.

Final checklist before deploying

  • Decide retention days and emergency disk threshold.
  • Choose tool: script for simplicity, service for resilient local enforcement, or centralized solution for analytics.
  • Test file selection and deletion in staging.
  • Schedule and monitor; document the policy and recovery steps.
