Hello All,
I am seeing a huge database size:
In the Eventparser.log I can see the below error:
The transaction log for database 'DBName_Events' is full due to 'Log_Backup' , Error Code:-
All the events were piling up in the DB\Events folder. Later we increased the size of the disk and events started parsing.
The major thing is that the events are not getting deleted, and I would like to know what options I can explore here.
Maintenance task is running and Purge task is also set.
In Purge Task I am seeing the below error:
Any suggestions here, or do I need to use the Shrink option?
Thanks
Is the events database in full recovery mode or simple? By the looks of it, I would assume full. If that is the case, you need to run transaction log backups a lot more frequently, maybe every 15 minutes or so. Review KB67184 for that.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Also, purging rollup data isn't going to affect the events. You need to regularly purge the events themselves - there are default purge options for purging threat events, audit logs, server task logs, product events.
Just for my understanding:
I just wanted to know why purging rollup data is not going to affect the events.
Also, what if I change from the Full to the Simple recovery model? Is making it Simple going to help?
We are using Enterprise edition.
Are there any specific steps I need to follow?
Please suggest.
Changing it to simple will help. Rollup events are only if that is a rollup server. Refer to https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-B5098C28-CC7D-44C... for what a rollup server is.
You need to purge threat and product events to help reduce the events database.
The recovery model can be changed in the properties of the database on the Options tab. As a precaution, always have full backups of ePO and both databases when making any changes.
Indeed, the recovery model is set to FULL.
What exactly do I need to perform from KB67184?
Please suggest.
Back up everything per KB66616 to start with. You have 2 options for controlling the transaction log.
1. Set recovery model to simple
or
2. Keep it to full and schedule transaction log backups at least every 15 minutes.
Once that is done, set up purge events tasks in ePO to purge events. They will take time to run if you have a lot of events, so let them run in the background.
From the KB, just follow the recommended maintenance steps. If you need assistance with that, you can get with your DBA, as most of that is done on the SQL side of things.
Thanks for the explanation,
How do I perform this:
"Keep it to full and schedule transaction log backups at least every 15 minutes"?
Please help me with the steps, as we do not have any DBA available.
Also, do I need to run the fragmentation query on both databases (main_db and events_DB)?
Please help me.
Thank You
To back up transaction log:
Yes, you run the reindex on both databases.
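The two options discussed in this thread, written out as T-SQL. This is an added example, not part of the original posts or of the referenced KB articles. DBName_Events is the database name from the error message; the D:\Backup path, the job name and the schedule name are placeholders chosen for illustration.

```sql
-- Added example. Placeholders: D:\Backup, job and schedule names.
-- 1. Confirm the recovery model and why the log cannot be reused.
--    LOG_BACKUP here matches the 'Log_Backup' reason in the error.
SELECT name, recovery_model_desc, log_reuse_wait_desc
FROM sys.databases
WHERE name = N'DBName_Events';

-- 2. Log file size and percent used, per database.
DBCC SQLPERF(LOGSPACE);

-- Take a full backup before changing anything.
BACKUP DATABASE [DBName_Events]
  TO DISK = N'D:\Backup\DBName_Events_full.bak' WITH CHECKSUM;

-- Option 1: SIMPLE recovery. The log is truncated at checkpoints,
-- but point-in-time restore from log backups is no longer possible.
-- ALTER DATABASE [DBName_Events] SET RECOVERY SIMPLE;

-- Option 2: stay in FULL and back up the log every 15 minutes
-- with a SQL Server Agent job (Agent service must be running).
USE msdb;
EXEC dbo.sp_add_job @job_name = N'DBName_Events log backup';

EXEC dbo.sp_add_jobstep
  @job_name      = N'DBName_Events log backup',
  @step_name     = N'BACKUP LOG',
  @subsystem     = N'TSQL',
  @database_name = N'master',
  @command       = N'DECLARE @f nvarchar(260) =
      N''D:\Backup\DBName_Events_''
      + FORMAT(SYSDATETIME(), ''yyyyMMdd_HHmmss'') + N''.trn'';
    BACKUP LOG [DBName_Events] TO DISK = @f WITH CHECKSUM;';

EXEC dbo.sp_add_schedule
  @schedule_name        = N'Every 15 minutes',
  @freq_type            = 4,   -- daily
  @freq_interval        = 1,   -- every day
  @freq_subday_type     = 4,   -- unit: minutes
  @freq_subday_interval = 15;

EXEC dbo.sp_attach_schedule
  @job_name      = N'DBName_Events log backup',
  @schedule_name = N'Every 15 minutes';

EXEC dbo.sp_add_jobserver @job_name = N'DBName_Events log backup';
```

With option 2 the .trn files accumulate on disk, so the backup folder needs its own retention cleanup. After the first log backups complete, log_reuse_wait_desc in step 1 should no longer report LOG_BACKUP.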