You should be able to do this automatically through a scheduled server task within ePO to purge old events and a SQL maintenance plan.
More information about the maintenance plan can be found here:
Can you please elaborate on some steps which I need to perform in the ePO server?
Log in to ePO.
Go to Server Tasks.
If there is no purge task here, create a new task.
Give the task an easily identifiable name and press Next.
As Actions, select Purge Audit Log and set it to purge older than 1 month (this is an example; you may want to keep the events longer than 1 month).
Press the + symbol on the far right and continue adding the listed purge actions until they are all added to the task, then press Next.
Within the Schedule you are able to let this run every night, but make sure that this task runs before your SQL maintenance plan, and press Next.
Does purging through the task on the ePO server also reduce the SQL database size? Or do I need to manually work with SQL Server to reduce the size?
No, the size will remain the same because even an empty cell within the database will take up some space.
You still need to run a maintenance plan and let the database shrink to reduce the size.
Removing old events and shrinking the DB is clear now, but does anybody have a good solution for archiving old events? For example, we have a policy that we have to keep old events for 7 years, and keeping them all in the ePO DB is not reasonable, because the DB will be so big and finally so slow and not usable at all. Also, we should be able to use and search those archived events. I once asked McAfee about a kind of offload DB for ePO, but haven't heard anything yet. Currently we are considering two approaches: one is to back up the full DB and then delete all old events from the running DB. If you want to use old events, you just restore the old ePO DB and use that. Another option is to export events to a TXT file and archive that. The bad thing here is that if you want to do a more complex search of that archive, you probably need to import that TXT into some DB.
Any thoughts about that topic?
The problem with your first solution is that if you want to restore the DB, it needs to be at the same patch level as your <install dir> \McAfee\ePolicy Orchestrator\db\ directory.
So with the given options, I would try to export the events to a CSV file.
It's easier to search in Excel than Notepad.
About this ePO DB backup/restore: I forgot to mention the issue that the ePO version could change, and the idea itself was to back up and restore the ePO SQL DB and run all those queries against the ePO SQL DB directly. Those queries we can take from the ePO GUI as SQL-like queries. This is not as easy as from the ePO GUI, but at least we have all the event information. Right now that export to TXT/CSV sounds even more reasonable. The only thing here is that we need to compile a query that includes all needed/useful information about events. Has somebody done that and has any suggestions about that query?
If I back up the database nightly, but then set a purge task of 30 days, what is the easiest way to perform queries for e.g. 3 months ago?
What's the easiest way to re-import data back into ePO?
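For the CSV archiving approach discussed in this thread, the sketch below loads periodic event exports into a standalone SQLite file so that purged events stay searchable by date range without restoring an ePO database. It is an added example, not part of any post above and not McAfee code; the column names (`EventID`, `DetectedUTC`, `HostName`, `ThreatName`, `ActionTaken`) and the sample rows are constructed assumptions and must be matched to the header of your own export.

```python
import csv
import io
import sqlite3

# Assumed export header (hypothetical; adjust to the columns your ePO query exports).
COLUMNS = ("EventID", "DetectedUTC", "HostName", "ThreatName", "ActionTaken")

# Constructed sample exports; the second overlaps the first by one event.
EXPORT_JAN = """EventID,DetectedUTC,HostName,ThreatName,ActionTaken
1001,2024-01-03T08:15:00,ws-014,Generic.Trojan,deleted
1002,2024-01-19T22:40:00,srv-db2,PUP.Toolbar,blocked
"""
EXPORT_FEB = """EventID,DetectedUTC,HostName,ThreatName,ActionTaken
1002,2024-01-19T22:40:00,srv-db2,PUP.Toolbar,blocked
1003,2024-02-02T11:05:00,ws-014,Generic.Trojan,deleted
"""

def open_archive(path=":memory:"):
    """Open (or create) the archive database; pass a file path to persist it."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS events (EventID INTEGER PRIMARY KEY,"
               " DetectedUTC TEXT NOT NULL, HostName TEXT, ThreatName TEXT,"
               " ActionTaken TEXT)")
    db.execute("CREATE INDEX IF NOT EXISTS idx_detected ON events (DetectedUTC)")
    return db

def load_export(db, fileobj):
    """Import one CSV export; returns the number of events newly archived."""
    reader = csv.DictReader(fileobj)
    missing = set(COLUMNS) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    rows = [tuple(r[c] for c in COLUMNS) for r in reader]
    before = db.total_changes
    # OR IGNORE skips events already archived by an earlier, overlapping export.
    db.executemany("INSERT OR IGNORE INTO events VALUES (?,?,?,?,?)", rows)
    db.commit()
    return db.total_changes - before

def events_between(db, start, end, host=None):
    """Events with start <= DetectedUTC < end (ISO 8601 strings sort by time)."""
    sql = ("SELECT EventID, DetectedUTC, HostName, ThreatName FROM events"
           " WHERE DetectedUTC >= ? AND DetectedUTC < ?")
    args = [start, end]
    if host:
        sql += " AND HostName = ?"
        args.append(host)
    return db.execute(sql + " ORDER BY DetectedUTC", args).fetchall()
```

Run the export before each purge task with a window that overlaps the previous export; the primary key on the event ID makes the overlap harmless.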