We have noticed extremely large folder on our server. It happens that Error logs are kept there.
Folder is here:
We have deleted its content completely and we also disabled Error logging. In order to do this you need(as administrator):
- Start gpedit.msc to open the group policy editor
- Browse to computer settings/administrative templates/windows components/windows error reporting.
- On the right hand side there will be a “Disable windows error reporting” setting that you can flip on to disable things altogether
If you want to take a look at one of the erorr dumps the easiest way to do this is through the windows debuggers:
- Install the windows debuggers from http://www.microsoft.com/whdc/devtools/debugging/default.mspx
- Make sure the debugger machine has internet access, and copy one of the .hdmps across to it.
- Run windbg.exe -z foo.hdmp to open up the dump in the gui debugger
- From the command window that comes up type:
- symfix c:\cache – this fixes up the symbol paths so we can resolve stacks
- reload -f ntdll.dll – this loads symbols for one of the core os dlls and validates that we can do basic analysis
- analyze -v – this analyzes the dump and should give root cause analysis including the stack back trace from the crash etc.