cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
savidudu
Level 10
Report Inappropriate Content
Message 1 of 9
‎12-20-2021 07:40 AM

Database Size Issue

Jump to solution

Hello All,

I am seeing the huge size of Database :


In the Eventparser.log I can see the below error :

The transaction log for database 'DBName_Events' is full due to 'Log_Backup' , Error Code:-

And all the events were getting piled up in the DB\Events folder later we increased the size of the disk and events started parsing.

The major thing is the events are not getting deleted and Would like to know what all option I can explore here

Maintenance task is running and Purge task is also set.

In Purge Task I am seeing the below error:
  
Any suggestions here, Or Do I need to use the Shrink option ?

Thanks

0 Kudos
Reply
3 Solutions

Accepted Solutions
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9
‎12-20-2021 09:59 AM

Re: Database Size Issue

Jump to solution

Changing it to simple will help.  Rollup events are only if that is a rollup server.  Refer to https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-B5098C28-CC7D-44C... for what a rollup server is.

You need to purge threat and product events to help reduce the events database.  

The recovery model can be changed in the properties of the database on the options tab.  Any precautions are always to have full backups of epo and both databases when making any changes.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 9
‎12-21-2021 05:30 AM

Re: Database Size Issue

Jump to solution

Back up everything per kb66616 to start with.  You have 2 options for controlling the transaction log.

1.  Set recovery model to simple

or

2.  Keep it to full and schedule transaction log backups at least every 15 minutes.

Once that is done, set up purge events tasks in epo to purge events.  They will take time to run if you have a lot of events, so let them run in the background.

From the KB, just follow the recommended maintenance steps.  If you need assistance with that, you can get with your dba, as most of that is done on the sql side of things.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎12-21-2021 07:02 AM

Re: Database Size Issue

Jump to solution

To back up transaction log:

https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/back-up-a-transaction-log-s...

Yes, you run the reindex on both databases.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

0 Kudos
Reply
8 Replies
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 9
‎12-20-2021 08:03 AM

Re: Database Size Issue

Jump to solution

Is the events database in full recovery mode or simple?  By the looks of it, I would assume full.  If that is the case, you need to run transaction log backups a lot more frequently, maybe every 15 minutes or so.  Review KB67184 for that.  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 9
‎12-20-2021 08:04 AM

Re: Database Size Issue

Jump to solution

Also, purging rollup data isn't going to affect the events.  You need to regularly purge the events themselves - there are default purge options for purging  threat events, audit logs, server task logs, product events.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
savidudu
Level 10
Report Inappropriate Content
Message 4 of 9
‎12-20-2021 09:51 AM

Re: Database Size Issue

Jump to solution

Just for my understanding:


Just wanted to know why the purging roll up data is not going to affect the events?

 

Also what if I make the changes from Full to Simple recovery model ? Does Making simple is going to help ?

we are using enterprise edition.

any specific steps do I need to follow ?

please suggest 

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 9
‎12-20-2021 09:59 AM

Re: Database Size Issue

Jump to solution

Changing it to simple will help.  Rollup events are only if that is a rollup server.  Refer to https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-B5098C28-CC7D-44C... for what a rollup server is.

You need to purge threat and product events to help reduce the events database.  

The recovery model can be changed in the properties of the database on the options tab.  Any precautions are always to have full backups of epo and both databases when making any changes.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
savidudu
Level 10
Report Inappropriate Content
Message 6 of 9
‎12-21-2021 05:16 AM

Re: Database Size Issue

Jump to solution

Indeed the recovery model is set to FULL 

What exactly I need to perform from KB67184.

Please suggest.

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 9
‎12-21-2021 05:30 AM

Re: Database Size Issue

Jump to solution

Back up everything per kb66616 to start with.  You have 2 options for controlling the transaction log.

1.  Set recovery model to simple

or

2.  Keep it to full and schedule transaction log backups at least every 15 minutes.

Once that is done, set up purge events tasks in epo to purge events.  They will take time to run if you have a lot of events, so let them run in the background.

From the KB, just follow the recommended maintenance steps.  If you need assistance with that, you can get with your dba, as most of that is done on the sql side of things.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
savidudu
Level 10
Report Inappropriate Content
Message 8 of 9
‎12-21-2021 05:35 AM

Re: Database Size Issue

Jump to solution

Thanks for the explanation,

How to perform this :

Keep it to full and schedule transaction log backups at least every 15 minutes.?

Please help me with the steps as we do not have any DBA available.

Also, Do I need to run the fragmentation query on both the Databases (main_db and events_DB)

Please help me.

Thank You

 

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 9
‎12-21-2021 07:02 AM

Re: Database Size Issue

Jump to solution

To back up transaction log:

https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/back-up-a-transaction-log-s...

Yes, you run the reindex on both databases.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC