I am in the process of changing my server build-out scripts to DSC and am being forced to deal with an IIS Log File Maintenance routine, I cobbled together years back.
Right now, it is a separate script (one for 2003, one for 2008, there was some incompatibility with 2012 I haven’t dealt with) that I run on all servers with IIS. The script finds the log drive, creates a new Log folder, creates an Archive and a Bin folder within that, puts an archiving/purging script and the Info-Zip executable in the bin folder, then creates a scheduled task to run the script every night. I’d like to also add changing all IIS log paths to this location to the script.
Before I go any further (custom DSC Resource?) I wanted to ask the community, how are you handling IIS’s lack of a built-in log maintenance solution?
This seems like a basic feature that IIS should have by now. Maybe I’m missing something.
Good God, I was literally typing a note to Steve Murawski about this. It says:
I’m running into a thing where people read “configuration” and think “provisioning.” So they think, “well, DSC is only useful when I set up a server or need to change its role, but I still need PowerShell scripts for maintenance.” Which isn’t true.
I’d like a simple resource that deals with file archiving and rotation.
E.g., specify a source path, an optional archive path, a max file age, and an optional max archive file age. Also specify an archive action, “Archive” or “Delete.” There’d be no “ensure.”
If you specify Delete, then any files in the source path older than MaxFileAge get deleted.
if you specify Archive, then any files in the source path older than MaxFileAge get moved to the archive path; any files in the archive path older than MaxArchiveFileAge get deleted.
Simple (hopefully), but demonstrates that ongoing maintenance is also a form of “configuration.”
Which is basically what you’re asking for. So there’s nothing built in, but a custom DSC resource would indeed do it, and would be a great way to go.
Maybe I am missing your point, however are you talking about how you should configure logfile rollover/retention so that it does not fill up your disk or are you talking about what IIS logs into the logfile?
Log file management - e.g., rollover and archival. The end point was, no, IIS doesn’t do it natively, and yes, a custom DSC resource would deb a good way to go about it, if your servers have PowerShell v4 installed.
Don is almost correct We have rollover natively in IIS, however no achiving of items of an certain age. So custom DSC it is then or you could use a DSC script Resource while you develop you custom DSC resource.
To get you started (below code will give you the current logfile settings):
Yes, IIS does have some facility for doing file roll-overs, but my old script actually Zipped the files daily and stored them in an archive folder for X days before deleting them.
I think the quick and dirty solution will be to:
Create the new Log Folder, outside of the System Drive, with the File Resource.
Set the IIS hourly roll-over and change the logging path to the new location (thanks for the code), looks like this needs to be a Script Resource for now.
Then create a scheduled task with a Script Resource to simply purge the log folder. Probably with my old standby below...
I’m close… The LCM doesn’t seem to have permission to create the Scheduled Job. The following code returns, “This event indicates that a non-terminating error was thrown when DSCEngine was executing Set-TargetResource on MSFT_ScriptResource provider. FullyQualifiedErrorId is UnauthorizedAccessToRegisterScheduledJobDefinition,Microsoft.PowerShell.ScheduledJob.RegisterScheduledJobCommand. ErrorMessage is An access denied error occurred when registering scheduled job definition PurgeLogFolder. Try running Windows PowerShell with elevated user rights; that is, Run As Administrator…”
In the end… I cheated. I just do not have time, at the moment, to take this any further.
Thank you for your help!
Ironically, I can only use this on our Server 2008 R2 servers. Our current version of ESX does not support 2012 R2. So the 2012 servers that I hoped to configure with DSC, will have to wait. (Don, your rant the other night came to mind when I discovered this situation.)
It’s a third party utility that runs as a service and manages archiving your IIS Logs for you. It is actually on my RADAR to get around to making a PowerShell equivelent which I am working on but I wanted to use built in Windows ZIP and not 7zip or some 3rd party command line ZIP tool. I have the COM Object for ZIPPING but just haven’t had time to finish the script. Probably because this 3rd party tool works really well and has served my company for many years.
Here’s my take on this, which also includes some sanity checking on the log file names (optional). Guess that has been covered, though, didn’t realize when writing the article.
I run this script weekly on an IIS server via the task scheduler.
# Script to be run weekly by task scheduler to cleanup IIS files
# greater than 30 days old.
#
# Bob McCoy 3/27/14
$start = (get-date).AddDays(-30)
# Clean up old log files
Get-ChildItem C:\inetpub\logs\LogFiles -File -Recurse | where LastWriteTime -lt $start | Remove-Item
# Get rid of bounced mail files
Get-ChildItem C:\inetpub\mailroot\Badmail -File -Recurse | where LastWriteTime -lt $start | Remove-Item