That's IPv6-based access to WSUS that you're seeing there.
Temporarily disable logging so that you don't fill the drive again:
- Jump into IIS Manager
- Locate the WSUS web site (it'll be the one listening on port 8530)
- Bring up the Logging properties for the root of the site
- Click "Disable" in the "Actions" pane.
That'll stop the logs from building up.
I can't say that I've seen WSUS-related traffic build up logs that big before. 4.4MB in a day isn't unheard of, but the 1.67GB in a day means that something has gone wrong.
Yesterday's log file is going to tell you lots about what was occurring. I find it hard to believe that it was all WSUS traffic. I wonder if something else didn't start banging on the server computer. Get that larger log file off of the machine and have a look at it.
Your log looks like it's in the W3C extended format. The format of that log file appears to be:
Date, Time, source IP address, HTTP request method, URI stem, probably URI query, server port, username, server IP address, user agent, HTTP result, probably Win32 status, and probably time taken
(The "probably" fields are because I can't be sure without seeing more of the file.) The header on the file will tell you the format for sure.
You need to get a look at that 1.67GB file-- it's gonna tell you what's up. Logging disabled on the site will prevent the hard drive from filling up again, but you want to know what's happening, behind the scenes, since it's going to be impacting server performance in some manner. Ultimately, you want to get to the bottom of the cause and then get logging enabled again (so that you have an audit trail if you have to track down strangeness again in the future).
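One way to take that first look at a multi-gigabyte log, as an added example (not code from the answer above): it reads the column order from the file's own `#Fields:` header and counts the busiest client addresses, URI stems, user agents and status codes. The sample lines, addresses and agent names are constructed for illustration.

```python
import collections
import io

# Constructed sample in W3C extended format; addresses and agents are made up.
SAMPLE = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query s-port cs-username s-ip cs(User-Agent) sc-status sc-win32-status time-taken
2010-03-01 00:00:01 2001:db8::10 POST /ClientWebService/client.asmx - 8530 - 2001:db8::1 Windows-Update-Agent 200 0 15
2010-03-01 00:00:02 2001:db8::66 GET /selfupdate/wuident.cab 1 8530 - 2001:db8::1 ExampleAgent/1.0 404 2 3
2010-03-01 00:00:02 2001:db8::66 GET /selfupdate/wuident.cab 2 8530 - 2001:db8::1 ExampleAgent/1.0 404 2 3
2010-03-01 00:00:03 2001:db8::66 GET /selfupdate/wuident.cab 3 8530 - 2001:db8::1 ExampleAgent/1.0 404 2 2
2010-03-01 00:00:03 2001:db8::66 GET /selfup
"""

KEYS = ("c-ip", "cs-uri-stem", "cs(User-Agent)", "sc-status")


def summarize(lines, top=3):
    """Stream a W3C extended log and count the busiest values per field.

    Column order is taken from the file's own #Fields: header. A log file
    can contain more than one header block, so the mapping is refreshed
    every time a new #Fields: line appears.
    """
    fields, skipped = [], 0
    counts = {k: collections.Counter() for k in KEYS}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            skipped += 1  # truncated or malformed record, or no header seen yet
            continue
        row = dict(zip(fields, values))
        for key in KEYS:
            if key in row:
                counts[key][row[key]] += 1
    return {k: c.most_common(top) for k, c in counts.items()}, skipped


if __name__ == "__main__":
    report, skipped = summarize(io.StringIO(SAMPLE))
    for key, rows in report.items():
        print(key, rows)
    print("skipped records:", skipped)
```

For the real file, pass an open file handle (for example `open(path, encoding="utf-8", errors="replace")`) instead of the sample; the function reads line by line, so memory use stays flat regardless of file size.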
The SNMP provider for WMI does the exact opposite of what I think you're expecting it to do. The SNMP provider allows SNMP information to be accessed via WMI. I'm not sure about 2008, but in older versions of Windows you needed to have SNMP installed before you added IIS. I would suspect it's the same with 2008. Try removing the web server role and re-adding it. (presuming that's the correct OID; I can't seem to find any docs on that OID), but you should see something when you walk the tree
Best Answer
Running Windows 2008? If so, issuing the following will help:
In IIS 6 (Windows 2003) you can try:
The following was taken from (http://www.it-notebook.org/iis/article/flush_log.htm)
The IIS 6.0 logs are handled by HTTP.sys. For performance and scalability reasons, HTTP.sys buffers the logging for a while before it writes to disk. By default, the buffer time is one (1) minute, and the buffer size is 64 K. When debugging, and this depends on the log files, it could however be great to not buffer. There is no supported way to do this, but an unsupported way is to create the registry value DisableLogBuffering and set it to 1.
After you have created this value, and/or changed its data, you need to restart the machine.
You should NOT do this on a production server, it will cause problems.
The registry value LogBufferSize overrides the default logging buffer of 64 K. This can be done to reduce memory consumption (but will increase CPU and hard disk use).