** Have created a small script for Exchange 2010 to help clean out the IIS Log files, you can find the link to the gallery at the end of the article**
In your Exchange 2013/2016 Environment you may be wondering why the space on your C:\ drive where Exchange is installed is filling up so quickly.
This is due to the amount of logging Exchange 2013/2016 does by default. Microsoft turned this on to assist them with more rapid assistance with customers instead of waiting for logs.
From CU6 for Exchange 2013, .etl files were created. With the current build Exchange 2013 creates 50mb files at a time with a maximum of 100 files. For smaller business this is not ideal.
The other feature that logs weekly and daily files is the Diagnostic logs (Health explorer). This will generate files up to 5GB over a week/month. Some of you might want that space because you are limited with the current hardware you have.
The other player here is IIS logs. These can generate quite a bit and at 500MB+ a log file you can run out of space rather quickly.
Lastly, another set of logs that could be filling up is the Http Proxy log. This log will fill up in most cases when you have issues and will create an hourly file from 4MB onwards.
In this article I will go through each of the following logs below and explain how you can maintain them or turn them off:
- Diagnostic logs (Health Manager)
- ETL Files
- IIS Logs
Lastly, A PowerShell script is available to run to clean up this without having to go into each folder.
Health Manager runs and collects information about the health of the system. If you have ample space this is fine but if you have an 80GB C:\ drive your drive is going to fill up in less than a few days. If you need to disable this feature you can do so as follows:
Open up Services.msc,
- Locate the Microsoft Exchange Health Manager Service.
- Double click the service and change the startup to disabled.
- Stop the service if it is running.
- The next service to locate is the Microsoft Exchange Diagnostics Service.
- Follow the same steps as above to stop and disable the service.
The next thing to stop/disable is the Task that runs. Open up Task Scheduler.
- In Task Scheduler, expand Microsoft -> Windows and then click on PLA.
- You will see 2 tasks, first stop them if they running and then disable them.
The next step is to clear out the logs created by Diagnostics. Open up Explorer.
Navigate to C:\Program Files\Microsoft\Exchange Server\V15\Logging\Diagnostic.
- In there you will have to folders, one called DailyPerformanceLogs and the other PerformanceLogsToBeProcessed.
- You can delete all the log files located in these 2. The logs to be processed will contain 20MB files while the daily logs will be +- 1GB.
These files are generated almost every hour and are about 50MB in size. The default registry entry for this is to keep 100 files. I will show you how to adjust this value further down.
To locate these files go to the following location:
- C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\ETLTraces
- As shown above, there are alot of files logged. You can highlight all of them and delete them without a problem. this will free up a few GB.
Within the Diagnostics folder there is another folder that is logging. Here is the location:
- C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\Logs
- As you can see above, alot of log files, you can delete these text files.
You can change the default value of 100 files to a number you want by changing the following registry key:
- Key: MaxTraceFileCount
- Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\16.0\Search\Diagnostics\Tracing
IIS Log Files
IIS Log files write to the C:\inetpub directory by default, you can change this to another drive etc. These files can be 200mb+ and overtime will use up space on the drive. To delete them open up the following location:
- Inside this folder you will have 2 other folders namely W3SVC1 and W3SVC2. Inside these are log files you can delete as well.
You can also look in the following folder for the same set of folders: C:\Program Files\Microsoft\Exchange Server\V15\Logging\RpcHttp
- Here you can also delete these files.
HTTP Proxy Logs
The last place you can look as well for log files is in this location:
- C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy
Located in each of the folders some files can be 10MB in size and generate quite a few. These logs will tell you if you have errors in your environment especially the RpcHttp folder.
You should be able to free up a few GB’s of space.
I created a script which you can use in conjunction with Task Scheduler to clear files when you need to, you can find the script here:
Exchange 2010 Log File PowerShell Script:
For those that would like to see how to do the Task Scheduler I have put together some screenshots as there have been a number of requests for it:
Open up Task Schedular and Select New Task. The above window will show. Enter the following:
- You can change the User to one that has full Exchange access or leave it with the user currently logged in if it has rights.
- Run whether the user is logged on or not
- Run with the highest privileges (tick the box)
- Configure for :- Windows Server 2012 R2
Next step, click on the Triggers Tab as show above and then click New…
The above window will show, choose your schedule and then click OK.
Once you have created the Trigger, it will show as above.
Next step is to click on the Actions Tab and then on the New… Button.
The window above will show, here you will configure the following:
- Action – Start a program
- Program/script :- You can paste the below in or browse to the directory listed and choose Powershell.exe:
- In the Add arguments (Optional) section, enter in the following:
-NonInteractive -WindowStyle Hidden -command “& ‘C:\Program Files\Microsoft\Exchange\V15\Scripts\Clearlogs.ps1′”
I put the script in the Scripts folder where Exchange is installed, if you have it in another location then just change the path.
When you done, click the OK button.
Once complete you will see the action as shown above. Click the OK button to finish.
A window will popup confirming the Task, enter in the credentials of the user specified in the beginning.
Hope it helps.