cancel
Showing results for 
Search instead for 
Did you mean: 

ePO 5.9.1 Archive Events

 

Hi All,

This page

https://docs.mcafee.com/bundle/epolicy-orchestrator-5.9.1-product-guide/page/GUID-6AF4BE61-3B6C-439A...

 

Says that in 5.9.1 I can create a Server Task to Archive Events.
However when I try and follow the steps on my ePO server, there is no "Archive Events" option.

I am using 5.9.1. (build 251) and have a SQL server registered in registered servers.

 

6 Replies
McAfee Employee hem
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: ePO 5.9.1 Archive Events

You can use default server task 'Purge Threat and Client Events Older than 90 Days'. Archiving and purging is samething or can create new task using the steps. Select purge than Archieve and select time period you would like to purge events from database.

 

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: ePO 5.9.1 Archive Events

Hi Hem,

Purge and Archive are NOT the same thing, at least not for what I want.

'Purge' simple deletes any rows from the database table within the given range.

'Archive' will copy or maybe move rows from the main database to another database.

 

Is this possible with 5.9.1 - the web page I linked to implies that it is.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: ePO 5.9.1 Archive Events

Epo tasks don't have an archive functionality.  You can set up a rollup server to offload events to, or a siem to pull them from the database.  With a rollup server, you can query that server for past events that you have retained on that server.  The product guide walks you through setting that up and how to get events to that database.  Once the events are rolled up daily or on your schedule, you can purge the local production ones to the desired time frame, while the archived events are on the rollup.  From there, you can purge them for a longer time frame to have more historical data.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: ePO 5.9.1 Archive Events

Thanks, I think the rollup server might be what I want.

 

I still think its odd that the linked page seems to clearly indicate that you can archive events.

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: ePO 5.9.1 Archive Events

Actually, hold on.  I checked the documentation you linked to and according to that, there is supposed to be that availability.  However, that option actually doesn't exist.  I can't even add an sql server type under registered servers.  So, I understand what you are expecting to happen.  I don't see even a server task type of archive events, so I am checking with development on this.  That option doesn't even exist in 5.10.  So, for now, the rollup server option is your best bet.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: ePO 5.9.1 Archive Events

Refer to KB87673

115744 - 5.9.0 5.10 Issue: The Help file included with ePO 5.9.0 includes an Archive Events section, but this product feature was not implemented in ePO 5.9.0, and the corresponding product guides have all been updated to remove this section.

Workaround: Ignore this section of the Help, as it is in error. Help will be updated in a future release to remove this section.

NOTE: The Archive Events feature might or might not be introduced in a future release of ePO.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

ePO Support Center Plug-in
Check out the new ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.