cancel
Showing results for 
Search instead for 
Did you mean: 
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 1 of 13

Purge VSE AccessProtectionLog

Jump to solution

Would like to start the new year with a fresh access protection log on several nodes but have been unsuccessfully on how to do so from the ePO 4.6 or 4.5 console.  Any suggestions?

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
1 Solution

Accepted Solutions
Tristan
Level 15
Report Inappropriate Content
Message 6 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Suggestion....

Couldn't you just change the name of the file that AP logs to?

Under the Access Protection Policy change the file to -> %DEFLOGDIR%\AccessProtectionLog2012.txt  for example

Each year you could then 'Purge' the log file by simply creating a new one. You also get the benifit of retaining the older log files, they're just unused.

12 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Please use the server task as per kB#; https://kc.mcafee.com/corporate/index?page=content&id=KB61051&actp=search&viewlocale=en_US&searchid=... by selecting the AP event IDs.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 3 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Thank you for your response.  This seems to only purge events from the ePODB and not the access protection log found on the client side.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 4 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

I apologize but from the client side,  Older activities will be over-written by newer one once it reaches to  1MB (VSE console=>AP=>properties=>Reports). I don't see any option to define anything based on date.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 5 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

And there lies the rub.  I have several clients that have events dating as far back as a year ago with no signs of reaching 1MB.  You can purge events from the ePODB but I have not found an easy way to do the same on the client.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Tristan
Level 15
Report Inappropriate Content
Message 6 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Suggestion....

Couldn't you just change the name of the file that AP logs to?

Under the Access Protection Policy change the file to -> %DEFLOGDIR%\AccessProtectionLog2012.txt  for example

Each year you could then 'Purge' the log file by simply creating a new one. You also get the benifit of retaining the older log files, they're just unused.

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 7 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Good suggestion!  With that said, the next step would be to remove "...2011.txt" from the client system. Otherwise the potential of having 2011, 2012, 2013 and so on could be a nuisance later on.  Perhaps a script of some kind could delete "...2011.txt" file from the client's system.

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Tristan
Level 15
Report Inappropriate Content
Message 8 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Don't forget there's all kinds on protection applied to those log files via Access Protection and windows ACLs. Not sure if an unused log is deletable or not.

Seeing as the average age of a corporate PC is 4 to 5 years is it to much of an issue to have 5 x 1mb files in a folder? Worst case is that you could specify an extra folder depth in the filename and have a folder for each year (a little neater) with the log file save in there.

Reliable Contributor tao
Reliable Contributor
Report Inappropriate Content
Message 9 of 13

Re: Purge VSE AccessProtectionLog

Jump to solution

Thinking of the same thing and only trial/error is going to answer about the permissioning....Thanks for your suggestion!

If this information was helpful or has answered your question, please select Accept as Solution. This will assist other memebers
Highlighted

Re: Purge VSE AccessProtectionLog

Jump to solution

You could also specify the AccessProtectionLog.txt as an unwanted programm and set the action to "delete"

Regards

Tom

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.