I know this has been posted here before.... But can't easily find it.
What's the easiest SQL script to run to determine which Event ID is causing huge database size issues?
What's the easiest way to purge the Event ID/Events causing large database issues?
Go to Solution.
mjmurra wrote:I know this has been posted here before.... But can't easily find it.What's the easiest SQL script to run to determine which Event ID is causing huge database size issues?
Something like this should do the trick - it'll give the top 5 most common events:
select top 5 epoevents.threateventid as 'Event ID', count(*) as 'Count' from epoevents group by threateventid order by count(*) desc
Easiest way is probably to write a query to return the event ids you're interested in, and then run this query from a "Purge Threat Events" server task.
Thanks once again Joe!
Top eventID at this site has 3.1 million entries in the database (failure to scan encrypted file).... Second top is 1 million (Would be blocked by AP)
There definately needs some selective purging done on the database, and some event filtering implemented.
BTW - does anyone know how much space (on average) an event uses in a SQL database? How much should the database reduce by after removing 3.1 million events and then performing maintenance?
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC