This certainly looks like it needs to be passed to support. As a suggestion, stop the three ePO services while you run the MER tool - we will definitely need the MER results for this.
The errors themselves are related to VSE events: please make sure you have checked in the latest VSE report extension (which is in the VSE + P3 repost package on the download site.) The report extensions are responsible for installing the event handlers that allow ePO to interpret a product's events. I don't necessarily expect this to cure the problem, but it may help.
If the size of the folder is a problem, then you can stop the services, rename the Events folder to Events_old, create a new Events folder and then start the services again. This should give you your performance back, but the folder will still fill until a proper solution is available. Once a solution is in place you'll be able to move the events into the new events folder and they'll be processed into the DB.
Hi Joe, thanks for the quick reponse. I have started rerunning the MER tool to collect the logs to forward it. Would you ned the details of the contents in the DB/Events folder? I ask as this is preventing us from providing the MER logs. Also, I have checked in the latest virusscan extention - 220.127.116.11.
We certainly won't need the entire contents of the events folder But a random selection of about 20 files would be useful - that will tell us if they're all from a particular product, or a particular event type.
Is the contents of the folder preventing the mer tool from running in some way?
When the MER tool tries to scan the /db/events folder, it eventually crashes. I think it may be related to the amount of files its checking for
Hmmm, okay - that makes sense...
If at all possible, stop the services, and move the events folder out of the ePO directory structure - put it on the root of the drive, for example. Then the mer tool won't try and scan it.
Once that's done, pipe a directory listing to a text file (e.g. dir c:\events /s > c:\events_list.txt) and send that in as well. Then you can put the events folder back where it belongs.
I have similar issue with hdlp events.Current with T3. 3-1013187244.Appreciate any suggestions.
Sometimes is more helpful to search on the communities forum than to call the TechSupport. I’ve spent more than an hour trying to explain to the T1 support guy why I couldn’t get the MER report from the ePO console server. The only advice he could provide it was to restart the EventParser service, and of course that didn’t help at all.
Thanks to your posts, I was finally able to get the MER report. Keep up the good work!
We are in the same situation. (Win2003SP2, epo4.5P3, SQL2005 fat same box)
EventParser service consuming loads of CPU. Backup gets stuck trying to backup events folder. Events folder is over 2Gb in size.
I am moving PKG, txml, etc files from the events folder to a another partition and will delete everything from Events folder. Will run MER tool and hope mcafee will be able to help (I bet they are going to tell me to patch epo to level 4)
We could not a get a reliable backup this week due to this issue.
Any other thoughts????
Hi Red Baron. This could be a couple of things. Here's what to do:
1. stop the McAfee ePO event parser service
2. rename the DB\events folder(e.g event.old)
3. create a new events folder and restart the event parser service
Once it starts monitor the event log for a while and check the event parser log(DB\logs\eventparser.log) for errors. Once you check the log, there a few different scenarios that may arise:
1. No errors - This means that you may need to add some more CPU power. This is due to your machine running at constant high-CPU utilization and there for cannot process the events in the parser. Renaming the folder would have emptied the parser files in the que allowing them to to now be processed normally.
2. Constant errors - You would have to check the log for the error code to see what's the cause but its would most likely be a corrupt extention. Re-check in all the extentions for your application versions,eg, the correct VSEreports for your version. I understand that the extentions are also backward compatible.
3. Some errors - There may be machine/s that are sending corrupt data, identify these machines and reinstall the McAfee products.
If this didnt help drop me a PM and we'll take it from there. Have you logged a call with McAfee support yet?