Hello dear friends
One week ago I made a mistake and ran the automated server task to purge threat and client events for 90 days, and now I need the threat log from 1 year ago and it has been cleared from the ePO.
How can I get this log back? I take a backup of my ePO every day, but I need the path of this log to back it up. Would you please tell me where it is stored?
If you have a database backup, I would restore the database to another SQL server first and run some SQL queries to verify the events you want are there. Then, you can decide whether you want to restore the database for EPO to use.
Thanks for your response. I have a database backup, but I need to bring back this specific log, the threat logs for 1 year, which I can see in my ePO console at this path: reporting > threat events log.
I mistakenly ran the automated server task to purge threat and client events older than 90.
I checked the DB log, but it does not include the threat event log of clients. I need to restore this specific log, which is not stored in the DB folder.
It's not a log file; it's in the database. You likely cannot selectively restore just the threat log element of the database, and even if you did, you would likely lose any events since the last backup was taken. Either restore the backup to your database server and lose any data you've collected since then, or restore the DB to another server so you can query the data there.
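The side-by-side restore and check suggested in the replies above could look like the following T-SQL. This is an added example, not part of the original thread: the backup path, logical file names, scratch database name and client host name are placeholders, and the `dbo.EPOEvents` table and its columns are assumed from the standard ePO schema, so verify them against your own database.

```sql
-- Run on a separate SQL Server instance, not the one ePO is using.
-- 1. List the logical file names stored in the backup (needed for MOVE below).
RESTORE FILELISTONLY
FROM DISK = N'D:\Backups\epo_full.bak';          -- placeholder path

-- 2. Restore under a different database name so nothing is overwritten.
RESTORE DATABASE ePO_Restore_Check               -- placeholder name
FROM DISK = N'D:\Backups\epo_full.bak'
WITH MOVE N'<logical_data_name>' TO N'D:\SQLData\ePO_Restore_Check.mdf',
     MOVE N'<logical_log_name>'  TO N'D:\SQLData\ePO_Restore_Check_log.ldf',
     RECOVERY, STATS = 10;
GO

USE ePO_Restore_Check;
GO

-- 3. What date range of threat events does this backup actually hold?
--    If OldestEvent is only about 90 days before the backup date,
--    the purge had already run when the backup was taken.
SELECT MIN(DetectedUTC) AS OldestEvent,
       MAX(DetectedUTC) AS NewestEvent,
       COUNT(*)         AS TotalEvents
FROM dbo.EPOEvents;                              -- assumed table name

-- 4. Events per month, to spot gaps left by a purge.
SELECT YEAR(DetectedUTC)  AS EventYear,
       MONTH(DetectedUTC) AS EventMonth,
       COUNT(*)           AS Events
FROM dbo.EPOEvents
GROUP BY YEAR(DetectedUTC), MONTH(DetectedUTC)
ORDER BY EventYear, EventMonth;

-- 5. Threat events for one client (host name is a constructed sample value).
SELECT DetectedUTC, TargetHostName, ThreatName, ThreatType
FROM dbo.EPOEvents
WHERE TargetHostName = N'CLIENT-PC-01'
ORDER BY DetectedUTC;
```

The restored copy holds the same endpoint and threat data as production, so restrict access to it and drop it once the check is done.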
As many others already suggested, you can restore your database from the past. You would then of course lose event/s that have occurred since that backup. You have to ask yourself, how critical is it to retain 1 year old information? If it's a must, you have to restore the database. Either go back in the past OR carry on with current data.
Do not experiment with restoring + merging with the current database. It's EXTREMELY RISKY, has a very low chance of success and is guaranteed to cause ePO issues. You will be asking for trouble.
Best is, discuss with your team or manager. Decide to carry on or simply restore. Can you afford to lose 1 week of data vs 1 year and just move on? Management will probably forgive an unintended mistake, or if the data isn't THAT critical, but experimenting and damaging even further will not be tolerable.
Many thanks. I checked the date of my backup and I saw the SQL Agent was disabled, and I have only one backup, from 1 year ago. I have taken a full backup now. Does it contain the old information? Because I need to check the threat log for one year, so in my new backup, when I run a query, can I find the threats for one of my clients?
Would you please help me with what schedule is suitable for taking backups in two sub-plans, for the full backup and clear one?