1 Reply Latest reply on Jan 21, 2010 3:22 PM by tb_ng

    ePO 4.0 EPOEvents Table

      Hi Team,

      We had recently upgraded ePO 3.5 to 4.0. On ePO 3.5 we had some reports scheduled based on Events table and in ePO 4.0 this table is now EPOEvents.

      While running SQL queries on EPOEvents we identified that column "AnalyzerIPV4" is not showing IP address "10.10.23.57" but "-1971294919" this value.

      In ePO 3.5 we had HostIPAddress column which used to give us correct IP Address.

      Does "AnalyzerIPV4" column should show IP Address? Or this behavior is correct.

      SQL Query is:

      SELECT AutoID, ReceivedUTC, Analyzer, AnalyzerVersion, AnalyzerHostName, AnalyzerIPV4, TargetUserName, ThreatName, ThreatEventID, TargetFileName, AnalyzerEngineVersion, AnalyzerDATVersion, DetectedUTC, ThreatActionTaken, ThreatSeverity, ThreatType, ThreatName, Analyzer, cast(AgentGUID as varchar(50)), ServerID, ReceivedUTC FROM EPOEvents

      Thanks and Regards
      Satya
        • 1. Re: ePO 4.0 EPOEvents Table
          tb_ng

          See KB66342.  However, that's only a partial answer--it doesn't work on all IP addresses due to the way the data is stored (bits are truncated from either end to save space -- VarDecimal maybe?)  Has to be a forumla somewhere to convert it to a decimal.  From there you can use Excel to convert it.  Something like this (where the integer for the IP is in C2):

           

          =IF(C2<>"", CONCATENATE(INT(C2/256^3), ".", INT(MOD(C2, (256^3))/(256^2)), ".", INT(MOD(MOD(C2, 256^3), 256^2)/256), ".", MOD(MOD(MOD(C2, 256^3), 256^2), 256)), "")

           

          Thanks.