cancel
Showing results for 
Search instead for 
Did you mean: 
kranthi.k
Level 7

EPO 5.3.2 SQL Database is almost 291GB

Hi,

Need urgent support...

Issue : EPO 5.3.2 has become too slow, unable to operate anything since from couple of days.

Reason think so : McAfee EPO SQL database size has increased from 50GB to 291GB, Memort using around 81%.

Performed : Ran Top 10 events finder in SQL query and ran one more query to delete the event id's which are higher, but still DB has not decreased.

                  : Shrink-ed the McAfee DB, but still unsuccessful.

Current version using in the environment : McAfee EPO 5.3.2

                                                                  : VSE 8.8 P8.

                                                                  : McAfee Agent 5.0.4

                                                                  : HDLP 9.4.2

Awaiting for your support and feedback.

Regards,

Kranthi.K

0 Kudos
9 Replies
catdaddy
Level 20

Re: EPO 5.3.2 SQL Database is almost 291GB

Successfully moved from Community Support to ePolicy Orchestrator (ePO) > Discussions

Cliff
McAfee Volunteer
0 Kudos
tao
Level 13

Re: EPO 5.3.2 SQL Database is almost 291GB

I would create a query: Most Numerous Threat Event Descriptions in the Database - single group summary <> labels event description <> Values number of threat events <> Filter event received time is within the last 1 hour

You may be able to narrow down who or what is causing the influx of DB entries.

0 Kudos
tkinkead
Level 12

Re: EPO 5.3.2 SQL Database is almost 291GB

Are you following the ePO Database Maintenance plan?

McAfee Corporate KB - kb67184

Did the database increase significantly in the past few days, or has it been increasing gradually and you didn't notice until now?  Do you have tasks set up to purge old events?  If the increase is recent and sudden, then Tao is likely correct that some specific system or behavior is causing a massive influx of events.

kranthi.k
Level 7

Re: EPO 5.3.2 SQL Database is almost 291GB

Hi,

thanks for the reply...

As per your reply... we haven't followed EPO DB maintenance Plan.

DB gradually increased and notice when the epo server was too slow to operate.

Purge task in running and keeping last 6 months data.

By doing DB Maintenance plan... can DB size 291GB will gets reduce ???

Regards,

Kranthi.

0 Kudos
tao
Level 13

Re: EPO 5.3.2 SQL Database is almost 291GB

So, to answer your question about the "DB size 291GB will gets reduce ???" yes & no.  The ePO SQL Server maintenance jobs is part one of a two part process. Part 1  ePO SQL Server maintenance jobs will help improve the performance and functionality of your ePO environment and Part 2 is regularly purge old events (for example, all events older than three months) using the ePO Purge Events Server Task. The database size should more or less stabilize; this is assuming that your database growth rate is proportional to the older events that are deleted.

McAfee ePO does not come with a preconfigured server task to purge task events. This means that many users never create a task to purge these events and, over time, the McAfee ePO server SQL database starts growing exponentially and is never cleaned.  You must determine your event data retention rate. The retention rate can be from one month to an entire year. The retention rate for most organizations is about six months. For example, six months after your events occur, on schedule, they are deleted from your database.

Page 192: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25519/en_US/...

0 Kudos
noobmode
Level 7

Re: EPO 5.3.2 SQL Database is almost 291GB

McAfee Corporate KB - How to remove old events and shrink the ePolicy Orchestrator database KB68961

Shrinking is not advised but you can use the query in the KB to see what events are most numerous and decide if you want to disable them moving forward pending the purge. Back up your database before you purge. Purge the events that take up the most space that you dont need. Then I would advise you go into server settings>events and see what events are turned on that you can turn off.

The size will not reduce but you will have free space in the DB so think of it as regaining space.

0 Kudos
Troja
Level 14

Re: EPO 5.3.2 SQL Database is almost 291GB

Hello,

have you ever tested the "Perfomance Optimizer" Tool for McAfee? Actual versions now are inspecting the whole database and showing you why your database is so big.

Cheers

0 Kudos
pgajdek
Level 9

Re: EPO 5.3.2 SQL Database is almost 291GB

Look at the recovery model set for SQL database and change it to simple. 

Troja
Level 14

Re: EPO 5.3.2 SQL Database is almost 291GB

YES, this could be a reason..... :-)

0 Kudos