cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
anonn
Level 8
Report Inappropriate Content
Message 1 of 12
‎09-27-2017 06:29 AM

How to Purge ePO events in the DB

Jump to solution

How do I  Purge ePO events in the DB, I have tried the below statements and they still do not work, please assist

SET rowcount 10000

DELETE FROM epoEvents

WHERE detectedutc < '2015-06-01'

WHILE @@rowcount > 0

BEGIN

DELETE FROM epoEvents

WHERE detectedutc < '2015-06-01'

END

SET rowcount 0

GO

Delete from OrionAuditLog where StartTime  < (GetDate() - 90)

0 Kudos
Reply
1 Solution

Accepted Solutions
SWISS
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 11 of 12
‎01-21-2019 06:48 AM

Re: How to Purge ePO events in the DB

Jump to solution

The tablenames changed from EPO 5 to 5.X and may have changed in EPO 10.

OLD: EPOProductEvents

NEW:EPOProductEventsMT

 

http://www.butsch.ch/post/Mcafee-EPO-Server-4X-Database-or-Space-growing-EPOevents.aspx

http://www.butsch.ch/post/MCAFEE-EPO-SQL-shrink-large-files-in-small-steps.aspx

Sample of tables from an EPO 5.3.1 Version:

use ePO_EMEA_butsch.ch
go
DELETE FROM epoEventsMT WHERE (DetectedUTC < GETDATE() - 14)
go
DELETE FROM EPOProductEventsMT WHERE (DetectedUTC < GETDATE() - 14)
go
DELETE FROM OrionAuditLogMT WHERE (StartTime < GETDATE() - 14)
go
DELETE FROM OrionSchedulerTaskLogMT WHERE (StartDate < GETDATE() - 14)
go
DELETE FROM OrionSchedulerTaskLogDetailMT WHERE (MessageDate < GETDATE() - 14
go
Use master
GO

View solution in original post

Reply
11 Replies
moekhass
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 12
‎09-27-2017 11:02 AM

Re: How to Purge ePO events in the DB

Jump to solution

​, Welcome to McAfee community. Please see this kb McAfee Corporate KB - How to remove old events and shrink the ePolicy Orchestrator database KB68961

and possibly McAfee Corporate KB - ePolicy Orchestrator 5.x database size warning during upgrade KB79561

You can also do it from ePO console. You need to create a server task. You can then schedule it to run every month or as needed.

0 Kudos
Reply
vmnguyen
Level 8
Report Inappropriate Content
Message 3 of 12
‎01-11-2019 04:21 PM

Re: How to Purge ePO events in the DB

Jump to solution

Anyone got the new SQL statement for EPO 5.10?

0 Kudos
Reply
vmnguyen
Level 8
Report Inappropriate Content
Message 4 of 12
‎01-11-2019 09:33 PM

Re: How to Purge ePO events in the DB

Jump to solution

Looks like the same statement will work, but you just need to select the Event database and run it.

SET rowcount 10000
DELETE FROM epoEvents
WHERE threateventid = '1095'
WHILE @@rowcount > 0
BEGIN
DELETE FROM epoEvents
WHERE threateventid = '1095'
END
SET rowcount 0
GO

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 12
‎01-14-2019 05:10 AM

Re: How to Purge ePO events in the DB

Jump to solution

It is preferable to purge them using a server task in epo rather than directly from the database.  However, if you do use one of the queries mentioned, please keep in mind that different versions of epo have different table names for the events, such as epoevents vs epoeventsmt. 

What is the purpose of purging through sql vs the epo server tasks?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
vmnguyen
Level 8
Report Inappropriate Content
Message 6 of 12
‎01-16-2019 11:26 AM

Re: How to Purge ePO events in the DB

Jump to solution

In some cases, purging using SQL is faster and more convenient. We had some events that were not set to purge and had 100+ milliion events.

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12
‎01-16-2019 11:29 AM

Re: How to Purge ePO events in the DB

Jump to solution

That would make sense in that scenario

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
sw41
Level 10
Report Inappropriate Content
Message 8 of 12
‎01-17-2019 11:52 AM

Re: How to Purge ePO events in the DB

Jump to solution

Do we also need to purge EPOProductEvents?  Our pre-upgrade script also called out that database.  I am guessing the same sql as above but from EPOProductEvents

0 Kudos
Reply
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 12
‎01-17-2019 12:35 PM

Re: How to Purge ePO events in the DB

Jump to solution

Yes, you would.  Validate also column names, as they may be different.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
SWISS
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 12
‎01-21-2019 06:56 AM

Re: How to Purge ePO events in the DB

Jump to solution

"You can also do it from ePO console. You need to create a server task. You can then schedule it to run every month or as needed."

Yes but for his case maybe:

ONLY if he has:

a) SPACE on Disks

b) ENOUGH Limit on the SQL

c) LIMIT if SQL Express according to Version not reached

The he has to go with OSQL.exe Commandline tool as example and shrink or cut events step by step in 100-500 at once.

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC