How to Safely Clear HTTP Error Logs in C:\Windows\system32\LogFiles\Httperr to Free Up Disk Space


2 views

The C:\Windows\system32\LogFiles\Httperr directory contains HTTP error logs generated by the HTTP.sys driver on Windows servers and workstations. These logs record HTTP protocol violations, connection timeouts, and other web-related errors.

Yes, you can safely delete these log files as they are purely diagnostic. The HTTP.sys service will automatically create new log files when needed. However, consider these precautions:

  • Stop IIS (if running) before deletion to prevent file locking issues
  • Consider archiving logs if you need them for troubleshooting
  • Verify no monitoring systems rely on these logs

Here's a PowerShell script to safely clean up old HTTPERR logs while keeping recent ones:

# PowerShell script to clean HTTPERR logs older than 30 days
$logPath = "C:\Windows\system32\LogFiles\HTTPERR"
$retentionDays = 30

try {
    # Stop IIS temporarily (optional)
    Stop-Service -Name W3SVC -Force -ErrorAction SilentlyContinue
    
    # Delete old log files
    Get-ChildItem -Path $logPath -File | 
        Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$retentionDays) } | 
        Remove-Item -Force
    
    # Restart IIS if it was running
    if ((Get-Service -Name W3SVC).Status -eq 'Stopped') {
        Start-Service -Name W3SVC
    }
    
    Write-Output "HTTPERR log cleanup completed successfully"
}
catch {
    Write-Error "Error during cleanup: $_"
}

Instead of manual cleanup, configure HTTP.sys to rotate logs automatically by modifying the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"ErrorLoggingDir"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
  00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4c,\
  00,6f,00,67,00,46,00,69,00,6c,00,65,00,73,00,5c,00,48,00,54,00,54,00,50,\
  00,45,00,52,00,52,00,00,00
"EnableErrorLogging"=dword:00000001
"ErrorLogFileSizeInKB"=dword:00002000  # 8192 KB (8MB) max size per file
"ErrorLogFilesLimit"=dword:0000000a    # Keep maximum 10 files

If you experience problems after deleting log files:

  • Permission denied errors: Run your cleanup script as Administrator
  • Files reappearing quickly: Investigate HTTP traffic issues causing excessive logging
  • IIS fails to restart: Check Event Viewer for related errors

To track log file growth patterns, use this PowerShell snippet:

# Monitor HTTPERR log directory size over time
$logPath = "C:\Windows\system32\LogFiles\HTTPERR"
$logSize = (Get-ChildItem -Path $logPath -File | 
           Measure-Object -Property Length -Sum).Sum / 1MB

Write-Output "Current HTTPERR log size: $logSize MB"

The C:\Windows\system32\LogFiles\HTTPERR directory contains HTTP error log files generated by the HTTP.sys driver in Windows. These files record HTTP request processing errors for IIS (Internet Information Services). Typical entries include failed requests, timeout errors, and connection issues.

In high-traffic environments, these logs can grow rapidly:

# Example of log file growth pattern
Monday    - 50MB
Tuesday   - 120MB 
Wednesday - 300MB
...

Common causes of excessive logging include:

  • Misconfigured web applications
  • Brute force attacks
  • Client-side scripting errors
  • Load balancer health checks

You can safely delete these files with these approaches:

Manual Deletion (One-time)

# PowerShell command to delete all .log files
Remove-Item -Path "C:\Windows\system32\LogFiles\HTTPERR\*.log" -Force

Scheduled Cleanup

Create a scheduled task with this PowerShell script:

# CleanHTTPERR.ps1
$logPath = "C:\Windows\system32\LogFiles\HTTPERR"
$maxAge = 30 # days

Get-ChildItem -Path $logPath | Where-Object {
    $_.LastWriteTime -lt (Get-Date).AddDays(-$maxAge)
} | Remove-Item -Force

IIS Configuration Adjustment

Modify HTTP.sys settings to control logging behavior:

# Registry path
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

# Values to consider changing:
EnableErrorLogging = 0 (disable)
ErrorLogFileTruncateSize = 1048576 (1MB)
ErrorLoggingDir = "D:\CustomLogPath"
  • Log rotation: Configure IIS to rotate logs automatically
  • Log analysis: Regularly review logs before deletion
  • Alternative storage: Move logs to a different partition
  • Monitoring: Set up alerts for abnormal log growth

While deleting these files is generally safe, consider:

  1. Don't delete files currently in use by IIS (stop IIS first if needed)
  2. Maintain a backup before mass deletion
  3. Verify no active investigations require these logs
  4. Check for log file handles with Process Explorer if deletion fails