cancel
Showing results for 
Search instead for 
Did you mean: 

Rollup Vs ESM

Jump to solution

We recently ran into an issue where our ePOeventsMT table got to the hundreds of millions of rows and using about 1.5TB of space.

We have solved this issue now but I want to prevent this situation from occuring again.
I've been looking at the different options and have come up with about three so far.

1) Use a roll up server to move the older events to a seperate "reporting" ePO server

2) Move all the older events into ESM/SEIM

3) Do some funky stuff within SQL to remove older events.


The idea being that, say once a month, I run a job to move/copy anything older the 90 days out of the live database then delete them. Thereby keeping the live database a manageable size, but also keeping the events. The events need to be kept for security / contract reasons.

 

How have other people done this?
Is that another better way?

 

1 Solution

Accepted Solutions
Highlighted
akerr Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Rollup Vs ESM

Jump to solution

My suggestion would be to have the SIEM pick up all your ePO events as with any data source to store them long term, and then have ePO do a regularly scheduled purge task.

View solution in original post

2 Replies
Highlighted
akerr Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 3

Re: Rollup Vs ESM

Jump to solution

My suggestion would be to have the SIEM pick up all your ePO events as with any data source to store them long term, and then have ePO do a regularly scheduled purge task.

View solution in original post

Re: Rollup Vs ESM

Jump to solution

Yes, Our local account rep has also suggested the same thing.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community