4 Replies Latest reply on Oct 15, 2012 11:36 AM by JoeBidgood

    Number of client events to keep


      We have only been keeping 30 days worth of client events from our ~16,000 machines but we have had a request to keep all of the client events for a full year. I know this will add a considerable amount of data to our ePO SQL database but how much more? I would appreciate it if someone could point me to an approximate figure for this. We are currently running ePO 4.5.4, McAfee agent, VSE 8.8, HIPS 8.0 P1, and EEPC 6.2. Windows Server 2003 and SQL 2005. I do have plans to upgrade to ePO 4.6 and Windows Server 2008 with SQL 2008 as well. How much data do others keep in the ePO Database? I seem to remember having 3 months worth in their at one time and the ePO interfaced crawled and it was almost impossible to navigate.

        • 1. Re: Number of client events to keep

          Client events aren't really worth anything past a month. Someone asking you to keep a year's worth is ignorant of what they are.

          • 2. Re: Number of client events to keep

            Thanks for your response Peter. I refered to the wrong type of event in my original message. What I should have said was Threat Event not Client Event. Everything else in the original message applies but just switch Client Event to Threat Event. Would that change your response?  Thanks again.

            • 3. Re: Number of client events to keep



              It would be difficult to provide an accurate inforamation about the data collected by the products. In ePO you can enable/disable the events forwarded from the clients for each product which actually controls the number of events pushed to database, ePO console->Menu->Settings->Server settings->Event filtering.


              Download "Hardware Sizing and Bandwidth Usage Guide" and refer section "How products and events affect calculations". Hope that helps you.


              PD23282 - Seach at kc.mcafee.com

              • 4. Re: Number of client events to keep

                There's certainly valid reasons for keeping threat event data for a reasonable period, but - obviously - retaining more data has significant implications for the SQL side of things. You'll need not only more disk to actually store the data, but you'll also need to pay more attention to database maintenance as the indexes on the tables related to the threat events will become proportionately larger. It's definitely not a simple case of "the database will get twelve times larger."


                Ultimately it's down to your environment, but if you have the SQL resources to handle the additional load, then it's probably data worth having.


                HTH -