
PURGE/DELETE ROGUE EVENTS in 3.6.1

Running patch 4, I need to clean up the Rogue events. There are only 250,000! What SQL tables can I clear out to make all of this go away in one fell swoop? I've searched all over and haven't found the exact answer.

While we're on the subject, spill your guts about Rogue System detection and some of the tips/tricks you use.
6 Replies

RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

Well, I figured out the EventLog is the right table. All that is taken care of, and I found another SQL script in here that removed all the subnet info...

Now I'm wondering if it's safe to wipe out the tables: ActionStatus and Hosts?

My goal is to start over fresh with Rogue Sensors...
Yanze
Message 3 of 7

RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

Which SQL script are you referring to? Struggling with Rogue also ...
tonyb99
Message 4 of 7

Re: RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

There is a lot of data you can clear down from the SQL DB relating to RSS in 3.6.1 (in fact I was clearing a load down today as I'm going to 4 tomorrow). I'll check my notes and see what tables I found were clearable tomorrow and post back.

tonyb99
Message 5 of 7

Re: RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

Can't find the event table again offhand, but you can use the dbo.task table to remove those orphan RSD install tasks and also the dbo.networks table to clear down bad subnets.

obv backup etc before making any changes yada yada yada

Yanze
Message 6 of 7

Re: RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

Thanks, I will have a look at those!

Re: RE: PURGE/DELETE ROGUE EVENTS in 3.6.1

There are a few posts on here that detail the tables needed. I run the attached script that I created (I run EPO 3.6.1 patch4, so don't use it for 4.xx):

WARNING - I know just enough about SQL to be dangerous. Use this at your own risk. Back up your DB before you use it. It removes all your subnets and events concerning rogue sensors. I used it when updating to patch 4 and I wanted to start from scratch on the Rogue information.

Message was edited by: seanmcd on 11/4/09 7:37 AM