I would create a query: Most Numerous Threat Event Descriptions in the Database - single group summary <> labels event description <> Values number of threat events <> Filter event received time is within the last 1 hour
You may be able to narrow down who or what is causing the influx of DB entries.
Are you following the ePO Database Maintenance plan?
Did the database increase significantly in the past few days, or has it been increasing gradually and you didn't notice until now? Do you have tasks set up to purge old events? If the increase is recent and sudden, then Tao is likely correct that some specific system or behavior is causing a massive influx of events.
thanks for the reply...
As per your reply... we haven't followed EPO DB maintenance Plan.
DB gradually increased and notice when the epo server was too slow to operate.
Purge task in running and keeping last 6 months data.
By doing DB Maintenance plan... can DB size 291GB will gets reduce ???
So, to answer your question about the "DB size 291GB will gets reduce ???" yes & no. The ePO SQL Server maintenance jobs is part one of a two part process. Part 1 ePO SQL Server maintenance jobs will help improve the performance and functionality of your ePO environment and Part 2 is regularly purge old events (for example, all events older than three months) using the ePO Purge Events Server Task. The database size should more or less stabilize; this is assuming that your database growth rate is proportional to the older events that are deleted.
McAfee ePO does not come with a preconfigured server task to purge task events. This means that many users never create a task to purge these events and, over time, the McAfee ePO server SQL database starts growing exponentially and is never cleaned. You must determine your event data retention rate. The retention rate can be from one month to an entire year. The retention rate for most organizations is about six months. For example, six months after your events occur, on schedule, they are deleted from your database.
Shrinking is not advised but you can use the query in the KB to see what events are most numerous and decide if you want to disable them moving forward pending the purge. Back up your database before you purge. Purge the events that take up the most space that you dont need. Then I would advise you go into server settings>events and see what events are turned on that you can turn off.
The size will not reduce but you will have free space in the DB so think of it as regaining space.
have you ever tested the "Perfomance Optimizer" Tool for McAfee? Actual versions now are inspecting the whole database and showing you why your database is so big.
Look at the recovery model set for SQL database and change it to simple.
YES, this could be a reason..... :-)