Few months ago ,i wrote blog post about how to use Compliance Settings to clean content in ccmcache folder. For more information, please refer http://eskonr.com/2016/08/sccm-configmgr-how-to-clean-ccmcache-content-older-than-x-days-using-compliance-settings/
This blog post is about deletion of client log files that contain SCNotify and SCClient.
What does these logs capture information about ?
SCNotify_<domain>@<username>_1.log : Records the activity for notifying users about software for the specified user.
SCNotify_<domain>@<username>_1-<date_time>.log: Records the historical information for notifying users about software for the specified user.
SCClient_<domain>@<username>_1.log: Records the activity in Software Center for the specified user on the client computer.
SCClient_<domain>@<username>_2.log: Records the historical activity in Software Center for the specified user on the client computer.
From these logs ,you will see lot of wmi classes and information about application notification to user with their availability and also use activities performed against the software center.
We will use compliance settings to detect if there are any files with these logs that are older than 7 days and if the count is more than 0 then perform the cleanup.
I am not going in detail step by step to show you how to create compliance settings ,instead i will provide the discovery script and remediate script along with CAB files that i exported from my lab.
So If you want to create your own from scratch ,just replace the script form below for discovery and remediation and you are good OR
you can import the CAB file into your Configmgr and make changes how you like for example ,changing the number of days from 7 to 15 or what ever you like and logs folder location (C:\windows\ccm\logs).
Import the CAB file, deploy the configuration baseline to your clients on schedule basis.
Download the Configuration Baseline file from Technet Gallary
Discovery Script:
#discover
$MinDays = 7
(Get-ChildItem C:\windows\ccm\logs | Where-Object { ($_.Name -like 'SCNotify*' -or $_.Name -like 'SCClient*' -or $_.Name -like '_SCNotify*' -or $_.Name -like '_SCClient*') -and ([datetime]$_.LastWriteTime -lt (get-date).adddays(-$MinDays))} |Measure-Object).count
Remediation Script:
#Remediate
$MinDays = 7
$logs=Get-ChildItem C:\windows\ccm\logs | Where-Object { ($_.Name -like 'SCNotify*' -or $_.Name -like 'SCClient*' -or $_.Name -like '_SCNotify*' -or $_.Name -like '_SCClient*') -and ([datetime]$_.LastWriteTime -lt (get-date).adddays(-$MinDays))}
ForEach ($log in $Logs)
{
del $log.FullName
}
Here is the client that i noticed ,it has 1436 logs out of which with size of 530MB ,of which ,450MB+ logs are with SCNotify and SCClient that are older than 7 days.
Before i run the script ,there are 1436 files with size about 550MB.
After the script:
After the script ,file count reduced to 189 with size 20MB.
Hope this helps !