The original post querying the issue is 6 months old, that knowledgbase article is only 2-3 weeks old judging by the dat files used in the examples. Most of the time the knowledgbase is very usefull but a lot of non english admins find it very hard to use, and in many cases issues are raised and workarounds discussed here before Mcafee release an article from their private in house knowledgebase to the public faceing one.
So you have switched off 1059 events in the server configuration/ events filtering and you have exempted the events you have already collected by applying the filter on 1059 evenbts to your reports (as stated in the link)
but you are still getting scan timed out hits on your report?
Yes, i have switched 1051 and 1059 events off in the server configuration/ events filtering and examined the collected reports were from 1059 and 1051 events but still getting Scan timed out hits.
One thing i noticed is that the clients sending were those have just joined ePO. Is it becoz of 1059 events has been sent to ePO prior to policy being pushed to them? but if events filtering is running in ePO, this should not happen. or the clients themselves will filter events before sending to ePO? then this can explain..
another thing i don't know should i post here or start another thread.. when i purge events log, it takes forever to finish. :mad: any idea?
If you note on the event filtering in EPO 4.0 it says. "The agent forwards - only selected events to the server"
but until they have checked in and received that policy they will still forward 1059 events, so you get them from new agents until they pick up the filtered forwarding policy and then they will stop forwarding them, if you have added the filter to reports this shouldnt be too much of an issue as you still wont see them.
If you have all these entries I can see why it would take some time, I know when I was purging on 3.6.1 my initial purge took 18 hours, but once I'd got that out of the way it could be between 5-30 minutes depending on how things were going. I would just persevere with it until you have cleared the crud out (or create an sql query to clear out stuff older than xxx if you really cant wait)
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.