Would it be a good idea to write a policy to automatically delete the log files from c:\windows\logs\cbs if the computer notices more than X number of cab_#### files in c:\windows\temp? We’re seeing a handful of computers with thousands of cab_#### files in c:\windows\temp. If this isn’t the best way to fix this type of problem, what suggestions would yall have?
You could do this with a policy action, though it might not be a great idea to delete them all. You could just delete the oldest log file in c:\windows\logs\cbs and clean up the CAB files in temp.
I’d be concerned that you might be deleting logs you need.
We made a small .cmd file via a fixlet using “createfile until __EOF”. It deletes only the oldest log file as well as cab_/.tmp files older than 90 days. It’s worked so far except for a couple computers that didn’t have enough disk space to create the .cmd file. We had to manually clean those via the c$ windows share. Thanks for the input!
Where I’ve seen thousands of cab_xxx files in \windows\temp, it’s been caused by the cbs.log itself being too large for Microsoft’s cabarc.exe to properly archive it; IIRC that was at either 2 GB or 4 GB. When that happens Windows keeps retrying the archive process, generating a new, incomplete cab_xxx each time and not shrinking the cbs.log.
I agree with @JasonWalker … it is definitely a good idea to figure out the root cause and deal with that as well, because this shouldn’t be happening and just deleting the artifacts of the problem isn’t a good overall solution even if it is a good temporary measure.
I might could have just posted the actual cmd file earlier. We’re checking for more than 100 cab_ files to see if the problem condition exists then making sure to only delete the oldest cbs log file (supposed to be the problem one) and log files older than 30 days in c:\windows\temp. If there is a better way to do this I’d be interested.
Important parts of the fixlet:
createfile until __EOF
@echo off
for /f %%A in ('dir c:\windows\temp\cab_*^| find "File(s)"') do set cnt=%%A
echo File count = %cnt%
if %cnt% gtr 100 goto :bigger
goto :end
:bigger
rem "Cleaning up some stuff"
del c:\windows\temp\cab_*
rem "Delete old *.tmp files"
forfiles /P "c:\windows\temp" /S /M *.tmp /C "cmd /c del /F /Q @path" /D -30
rem Delete oldest log file in c:\windows\logs\cbs
setlocal
set Folder=c:\windows\Logs\CBS
set FileMask=*.log
set OldestFile=
for /f "delims=" %%a in ('dir /b /o:d "%Folder%\%FileMask%" 2^>NUL') do (
set OldestFile=%%a
goto Break
)
:Break
if "%OldestFile%"=="" (
echo No files found in '%Folder%' matching '%FileMask%'!
) else (
del "%Folder%\%OldestFile%"
)
:end
__EOF
