Score:0

System32 / NDF / .etl files - safe to delete?


I have a VM running Windows Server 2012R2 using Remote Desktop Services with about 200 users logging in on and off 24/7 - meaning, there's never a really good time to reboot and any downtime is definitely not appreciated by the users.

In trying to find out why the C drive is filling up - besides the usual largeness of pagefile and when all the user drives mount and unmount independently, from a separate storage, so they wouldn't affect this - I found there's a file within System32\NDF, with extension ".etl" which is over 40GB.

It seems to have been created (and last modified) at least a year before the last reboot.

I see that the NDF folder keeps event logs of network diagnostics, but can't tell if it's safe to delete this file or not. My understanding is that .etl files are just logs, but out of principle I never delete (or move) Windows-created files that I'm not familiar with, particularly within System32.

Additionally, I looked through the Windows Logs in Event Viewer but don't see anything unusual or concerning, that would repeat over and over and explain the reason behind this giant file.

I'm trying to find any precedent of anyone ever deleting this type of file (or similar) successfully without in some way affecting users who may be actively using the box?

Score:1

First, I'll note that you should ask for a regular maintenance window. Critical patches are issued by Microsoft and you should be updating ASAP when these come out. To achieve this, you may want to pitch hosting another RDS server and set up an RDS Gateway. This shouldn't be too much of an ask if the server is critical for operations.

ETL is typically short for Event Trace Log. Software that creates performance data can create these, such as performance monitor. You can try opening it in Windows Event Viewer as a Saved log.

ETL can also stand for Extract, Transform, Load. Typically used when copying data from a production database into a data warehouse. These typically do not get saved as ETL files but I'm thinking if the file is very large, this is a possibility.

I think you are safe to try to open the file while it is on the server. I would guess you're going to find a bunch of old performance data there. Move it off to cheaper storage before deleting it altogether.

edit - forgot a word and found a link that says NDF can be short for Network Diagnostics Framework

https://docs.microsoft.com/en-us/windows/win32/ndf/about-ndf
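
As an added example (not part of the answer above), the checks discussed in this thread can be scripted: list the `.etl` files under `System32\NDF` with size and timestamps, test whether anything still holds each file open, peek at its first events, and preview a move to other storage. The archive path `D:\Archive\NDF` is a hypothetical placeholder, and the script assumes an elevated PowerShell session.

```powershell
# Added example: inspect .etl files under System32\NDF before archiving them.
# Assumptions: elevated session; $archive is a hypothetical destination path.
$ndf     = Join-Path $env:SystemRoot 'System32\NDF'
$archive = 'D:\Archive\NDF'

# Running ETW sessions. Query one by name (logman query "<name>" -ets)
# to see which file, if any, it is writing to.
logman query -ets

$files = Get-ChildItem -Path $ndf -Filter *.etl -Recurse -File -ErrorAction SilentlyContinue |
    Sort-Object Length -Descending

foreach ($f in $files) {
    # An exclusive open (FileShare None) fails if any process still has the
    # file open, or if access is denied; treat both as "do not touch".
    $inUse = $false
    try {
        $fs = [System.IO.File]::Open($f.FullName, 'Open', 'Read', 'None')
        $fs.Close()
    } catch {
        $inUse = $true
    }

    [pscustomobject]@{
        File          = $f.FullName
        SizeGB        = [math]::Round($f.Length / 1GB, 2)
        CreationTime  = $f.CreationTime
        LastWriteTime = $f.LastWriteTime
        InUse         = $inUse
    }

    # Read only the first few events to see which provider produced the trace.
    # -Oldest is required when Get-WinEvent reads an .etl file.
    Get-WinEvent -Path $f.FullName -Oldest -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id

    if (-not $inUse) {
        # -WhatIf only previews the move; remove it to actually archive the file.
        Move-Item -LiteralPath $f.FullName -Destination $archive -WhatIf
    }
}
```

A file that reports `InUse = True` is still open by some process, so it should be left in place until that session or service is identified.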
