What is the risk in storing IIS log files on the system drive? Is there any risk if this is only ever set for the default web/FTP sites, which aren't even used, or is it only ever a risk for a user site? We have IIS log files for both the default website and other sites flagged as located on the system drive. It is identified as a risk by many of Microsoft's tools/security scanners, but they don't provide much information as to why.
There is no risk in storing log files on the system drive, but log files will rapidly fill the system drive, causing space issues on the system drive. You can change the log file location to another drive.


Can you not cap the max size of the logs so they don't cause a space-related issue?
Yes, you can do that; that option is available in the IIS settings.
Limiting the size of the http/ftp logs will not solve a disk space consumption issue. Limiting the size refers only to the size of the individual files, not how much space the logs can take up on a partition. IIS will watch a log file, and when it hits the file size definition, it will "rollover" the log... meaning it will stop using that log file and create a new one... and so on.

If you aren't using the default web site, delete it.  If you do not use or don't want to save http logs, turn off the feature.

Otherwise, if you need to have your http logs active on your system drive, you need to do something like the following:

1. Set logs to rollover daily (this is my recommendation).

Do one of the following:

1. Set the directory where the log files are being saved to be compressed. Right-click the directory, select Properties, on the General tab click Advanced, and under Compress or Encrypt attributes, check the "Compress contents to save disk space" option.

- or -

2. Set up a scheduled task to run a script that compresses log files in the log directory, leaving the currently active log file uncompressed.

But yes, IMO, storing any active (noisy) log files (http, ftp, smtp, etc.) on a system drive is a bad practice.  The biggest issue is that if left unmonitored, you could cause a server/service outage due to running out of space on your OS Boot drive.
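A sketch of the scheduled-task script described in option 2 above, added here as an example and not written by anyone in this thread. The `$LogRoot` default, `$KeepNewest` and `-DryRun` are assumptions to adjust for your server; it needs PowerShell 5.0 or later for `Compress-Archive`.

```powershell
# Added example: compress rolled-over IIS logs, leaving the active log untouched.
# Assumptions (not from the thread): $LogRoot default, $KeepNewest, -DryRun.
param(
    [string]$LogRoot  = "$env:SystemDrive\inetpub\logs\LogFiles",  # assumed log location
    [int]$KeepNewest  = 1,      # newest N logs per site folder stay uncompressed
    [switch]$DryRun             # report what would be compressed, change nothing
)

# Turn non-terminating errors (e.g. a locked file) into exceptions we can catch.
$ErrorActionPreference = 'Stop'

# Each site logs into its own subfolder (W3SVC1, FTPSVC1, ...). Process folders
# one at a time so "newest file" is decided per site, not across all sites.
Get-ChildItem -Path $LogRoot -Directory | ForEach-Object {
    $logs = Get-ChildItem -Path $_.FullName -Filter '*.log' -File |
            Sort-Object LastWriteTime -Descending

    # With daily rollover, the most recently written file is the active log.
    $logs | Select-Object -Skip $KeepNewest | ForEach-Object {
        $zip = "$($_.FullName).zip"
        if ($DryRun) {
            Write-Output "Would compress $($_.FullName)"
            return   # inside ForEach-Object this moves on to the next file
        }
        try {
            Compress-Archive -LiteralPath $_.FullName -DestinationPath $zip -Force
            # Remove the original only once a non-empty archive exists, so a
            # failed run never destroys log data needed for an investigation.
            if ((Test-Path -LiteralPath $zip) -and
                (Get-Item -LiteralPath $zip).Length -gt 0) {
                Remove-Item -LiteralPath $_.FullName
            }
        }
        catch {
            # A file still held open by IIS, or any other failure: keep the
            # original log and discard any partial archive.
            Write-Warning "Skipped $($_.FullName): $($_.Exception.Message)"
            if (Test-Path -LiteralPath $zip) { Remove-Item -LiteralPath $zip }
        }
    }
}
```

Run it once with `-DryRun` to confirm which files it selects, then schedule it daily under an account that has modify rights on the log folder.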


