cancel
Showing results for 
Search instead for 
Did you mean: 
avilt
Level 7

ePO DB is Increasing

I am using ePO for VSE & SC application control management on SQL 2014 R2 Express. THe DB is growing very quick, what steps can I take to prevent it from raching its maximum limit of 10GB?

I have already purged threat events.

0 Kudos
6 Replies
tao
Level 13

Re: ePO DB is Increasing

The following may help:

Review/Create an automated server task to delete all events in the database that are older and no longer

needed - Page 192

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25519/en_US/...

How to identify why the ePolicy Orchestrator database is very large Technical Articles ID: KB76720 Last Modified:  11/7/2016

McAfee Corporate KB - How to identify why the ePolicy Orchestrator database is very large KB76720

How to find the top 10 events and purge events from the ePO database based on the event ID Technical Articles ID:   KB83652 Last Modified:  11/4/2016

McAfee Corporate KB - How to find the top 10 events and purge events from the ePO database based on ...

How to remove old events and shrink the ePolicy Orchestrator database Technical Articles ID: KB68961 Last Modified:  2/22/2017

McAfee Corporate KB - How to remove old events and shrink the ePolicy Orchestrator database KB68961

0 Kudos
johnmoe
Level 11

Re: ePO DB is Increasing

Also in the Best Practices Guide (first link in ​'s reply) starting on page 171 is recommended SQL maintenance.

0 Kudos
McAfee Employee

Re: ePO DB is Increasing

​, Do you have anything in learning mode such as HIPS? They tend to fill up database fairly quickly. In addition to links tao provided earlier, you may also want to look at ePO settings and decide what client events you want to retain or forward to database. This can be changed here:

ePO Server Settings \ Event Filtering

0 Kudos
avilt
Level 7

Re: ePO DB is Increasing

You are right, I do have HIPS in learning mode. How can I minimize HIPS events in ePO databse?

0 Kudos
McAfee Employee

Re: ePO DB is Increasing

​, You will need to edit your HIPS policy. Typically you enable learning/adaptive mode temporarily to get an assessment of your network and applications for a brief period of time. This can be done on a select few systems for a week or so without putting a strain on database.

Host Intrusion Prevention 8.0:IPS > IPS Options (Windows, Linux, Solaris) > Your applied policy :

De-select  Adaptive mode enabled (rules are learned automatically)  option.

0 Kudos
Pmaquoi
Level 10

Re: ePO DB is Increasing

you could  also install the McAfee Performance optimizer module into your epo. this tool will execute many assements each day on your SAL server and your epo. It will help you greatly to identify wha't wrong in your database. I use it since it's first beta and it's a precious tool.

P.Maquoi

0 Kudos