1 2 Previous Next 10 Replies Latest reply on Sep 14, 2016 10:16 AM by NitroCircus

    EPO 5.3.1 upgrade from 5.1.1 - generating 5000+ Audit logs per hour




      After a successful upgrade from EPO 5.1.1 to 5.3.1, we noticed a hick up where just a few hours after the upgrade the McAfee ePolicy Orchestartor 5.3.1 Application Server had stopped. Restarted the service and logged in fine. For a brief moment settings, policies, system tree and dashboards were missing but eventually everything loaded fine within less than minute. I looked at the audit log and found over 5000 logged system/blank entries(see pic bellow) with no detail information other than "Notify Agent(s)" and weather it was successful or not.



      I contacted McAfee platinum support and showed them the findings. After looking at the Orion log, the database( hosted on SQL cluster) they could not find a culprit.


      Tried disabling all Server Tasks and ran this way for at least few hours and saw no drop in logs.


      Products are as follows:

      Agent: 5.0.1 and some 5.0.2

      VSE 8.8 Patch 6

      FDE 7.1.3

      RME 4.3.1

      Deep command 2,2 (testing, not deployed)

      DLP (small POC)

      TIE/DXL (small POC)


      Our build is running on VMs, 2012 servers. Main EPO has 8 CPUs, 32 GB RAM and plenty of storage. Database is hosted on SQL cluster

      We have 3 additional AgentHandlers with direct access to DB

      We also have 1 TIE write only Master, 2 Reporters, and 3 DXL Brokers(1 in DMZ)


      Can anyone shed any light as to what might be causing this?


        1 2 Previous Next