Need urgent support...
Issue : EPO 5.3.2 has become too slow, unable to operate anything since from couple of days.
Reason think so : McAfee EPO SQL database size has increased from 50GB to 291GB, Memort using around 81%.
Performed : Ran Top 10 events finder in SQL query and ran one more query to delete the event id's which are higher, but still DB has not decreased.
: Shrink-ed the McAfee DB, but still unsuccessful.
Current version using in the environment : McAfee EPO 5.3.2
: VSE 8.8 P8.
: McAfee Agent 5.0.4
: HDLP 9.4.2
Awaiting for your support and feedback.
I would create a query: Most Numerous Threat Event Descriptions in the Database - single group summary <> labels event description <> Values number of threat events <> Filter event received time is within the last 1 hour
You may be able to narrow down who or what is causing the influx of DB entries.
Are you following the ePO Database Maintenance plan?
Did the database increase significantly in the past few days, or has it been increasing gradually and you didn't notice until now? Do you have tasks set up to purge old events? If the increase is recent and sudden, then Tao is likely correct that some specific system or behavior is causing a massive influx of events.
thanks for the reply...
As per your reply... we haven't followed EPO DB maintenance Plan.
DB gradually increased and notice when the epo server was too slow to operate.
Purge task in running and keeping last 6 months data.
By doing DB Maintenance plan... can DB size 291GB will gets reduce ???
So, to answer your question about the "DB size 291GB will gets reduce ???" yes & no. The ePO SQL Server maintenance jobs is part one of a two part process. Part 1 ePO SQL Server maintenance jobs will help improve the performance and functionality of your ePO environment and Part 2 is regularly purge old events (for example, all events older than three months) using the ePO Purge Events Server Task. The database size should more or less stabilize; this is assuming that your database growth rate is proportional to the older events that are deleted.
McAfee ePO does not come with a preconfigured server task to purge task events. This means that many users never create a task to purge these events and, over time, the McAfee ePO server SQL database starts growing exponentially and is never cleaned. You must determine your event data retention rate. The retention rate can be from one month to an entire year. The retention rate for most organizations is about six months. For example, six months after your events occur, on schedule, they are deleted from your database.
Shrinking is not advised but you can use the query in the KB to see what events are most numerous and decide if you want to disable them moving forward pending the purge. Back up your database before you purge. Purge the events that take up the most space that you dont need. Then I would advise you go into server settings>events and see what events are turned on that you can turn off.
The size will not reduce but you will have free space in the DB so think of it as regaining space.