6 Replies Latest reply on Apr 13, 2015 10:46 AM by ansarias

    Reporting ePO with couple ePO SQL databases

    samadhi1978

      Hi Everyone,

       

      We have 5 different ePOs within our organization and we receive reports from each one, which makes them troublesome for us to review. Also, the number of files we manage and process is a bit of a pain.

      So we have:

      ePO 4.5

      2 x ePO 4.6

      ePO 5.0

      ePO 5.1

       

      Also, the installed products differ between them, as 4.5 cannot run all the products that 5.1 can. So we are looking to create one SQL database and a separate ePO connected to it for reporting / query purposes, which will give us a complete infrastructure overview.

      I believe we have to pull the database on a daily basis from each ePO to one reporting database; however, I am not sure what the tables are and how this will be mapped. Can you please advise if you have had any experience with this? How shall we plan this? Do I need to create a table for each installed product on every ePO and check the mapping? Any ideas?

       

      Thanks

      Tom

        • 1. Re: Reporting ePO with couple ePO SQL databases
          Troja

          Hi,

          I would prefer the McAfee SIEM solution to connect to every supported EPO Server database.

           

          You can use the "EPO Rollup Data" functionality, but there are two things you should think about.

          - RollUp Data does not cover any event in detail

          - RollUp Data is not possible with every EPO Server version (my point of information

           

          We did an internal POC with 3rd-party software to forward the EPO threat events to one single system. The problem is that, depending on the EPO server version and the extension version, the database entries are changing.

           

          Cheers

          • 2. Re: Reporting ePO with couple ePO SQL databases
            samadhi1978

            Thanks for the suggestion; however, there is no point in us purchasing another product. Also, SIEM is a wide product; I would require implementation within the business and integration with the current products we use.

            We just need a little other functionality we currently have, and I agree that SIEM could be best from a logs / events perspective. Any suggestions on how we can approach that with ePO and SQL Server? Shall we push from each ePO or rather pull? Shall we copy full tables or just select columns? Many questions around ;-) Trying to find a proof of concept.

             

            Thanks for any suggestion here!

            Tom

            • 3. Re: Reporting ePO with couple ePO SQL databases
              ansarias

              You can do it through the ePO Roll Up Data option.

               

              I may be wrong, but you can try adding all the remaining ePO servers as registered servers in ePO 5.1; make sure it has all the extensions added that the other ePO servers have.

               

              ePO 4.5

              2 x ePO 4.6

              ePO 5.0

              ePO 5.1 - Add other ePO servers as registered servers.

               

              A few steps need to be performed on the 5.1 ePO console.

               

              • Register all ePO servers in 5.1 as registered ePO servers: Menu > Configuration > Registered server. For this you need every ePO server's sitelist.xml file, SQL instance name and SQL admin authentication details.
              • Create a new server task, select Roll Up Data as the action, select all ePO servers, and schedule it to run once daily.
              • Now go to ePO queries and navigate to roll up data, where you can create all required reports for all ePOs in one single console.

              Hope this will help.

              • 4. Re: Reporting ePO with couple ePO SQL databases
                samadhi1978

                This seems to be a great idea. I will dig in and get back here next week. We are going to deploy Reporting ePO 5.1.1 shortly and will check that method out. Thanks, ansarias.

                • 5. Re: Reporting ePO with couple ePO SQL databases
                  samadhi1978

                  This works perfectly. Only one tip: to create a new query, you need to choose the Rolled-up Targets section, and there you have the Rolled-up options. Thanks for the help!