6 Replies Latest reply on Aug 15, 2017 12:55 AM by a2wa2

    bring back threat log


      Hello dear friends


      one week ago I do a mistake and run the automate task server to purge threats and Client events for 90 days, and now I need the log of threats for 1 year ago and it is clear from the epo.

      how can I back this log?? I get backup from my epo every day but I need the path of this log to back it up. would you please tell me where did it store?


        • 1. Re: bring back threat log

          If you have a database backup, I would restore the database to another SQL server first and run some SQL queries to verify the events you want are there. Then, you can decide whether you want to restore the database for EPO to use.


          McAfee Corporate KB - How to back up and restore the ePolicy Orchestrator database using SQL Server Management Studio KB…

          • 2. Re: bring back threat log

            Dear kabi

            thanks for your response, I have database backup but I need to bring back this specific log, threat logs for 1 year which I can see in my epo console in this path reporting>threat events log.

            I mistakenly run the server automate task to purge threat and clients events older than 90.

            I check the DB log but it is not included threat event log of clients. I Need to restore this specific log that is not store in db folder.

            • 3. Re: bring back threat log

              how can I get query about threats?

              • 4. Re: bring back threat log

                It's not a log file; it's in the database.  You likely cannot selectively restore just the threat log element of the database, and even if you did, you would likely lose any events since the last backup was taken.  Either restore the backup to your database server and lose any data you've collected since then, or restore the DB to another server so you can query the data there.

                • 5. Re: bring back threat log
                  Moe Hassan

                  As many other already suggested, you can restore your database from the past. You would then of course lose event/s that have occurred since that backup. you have to ask yourself, how critical is it to retain 1 year old information? if it's a must, you have to restore the database. either go back in the past OR carry on with current data.


                  do not experiment restoring + merging with current database. it's EXTREMELY RISKY, very low chance of success and is guaranteed to cause epo issues. You will be asking for trouble.


                  Best is, discuss with your team or manager. Decide to carry on or simple restore. can you afford to lose 1 week of data vs 1 year and just move on. management will probably forgive an unintended mistake or if data isn't THAT critical but experimenting and damaging even further will not be tolerable.

                  • 6. Re: bring back threat log

                    very thanks, I checked the date of my back up and  I saw the sql agent was disable and I have only one back up for 1 year ago I get the full back up now. does it contains old in formations? because I need to check threat log for one year and so in my new back up when I get a query can I find the threats about one of my clients??

                    would u please help me what schedule is suitable to get backup in two sub-plan for full backup and clear one?