of course I should have posted here before, after hours of nothing now it's working
I didn't change anything so I have no clue why it's working now sad
When my DB reached 20Gb I had that problem.
My solution was to contact McAfee support and ask for a SQL query that would delete the old events.
Try to open a case and mention the error. They will send you the SQL query.
You can try to disable some events from being forwarded to the DB, thus saving space and improving speed.
For example, on my DB the event with the top count is 'scan time exceeded', which happens when the OAS hits a .class, .zip, or .rar file. These events can be useful if you're tuning the VSE exceptions, but after a while you can disable them.
well that was short lived, it died shortly after, and then after what I did below I realized the numbers it was giving me were off by a TON !!!
I did this after doing some reading around, this is in SQL 2005
inside MS SQL Server Management Studio
go to databases, EPO4_servername, right click, pick new query, type in TRUNCATE TABLE dbo.EPOEvents and then click the execute button
it took seconds and it was done
there were over 3 MILLION records in mine :(
so it went from 12GB to 95MB !!! now it's just a BIT faster lol
this dumps all your data in the event log so you will lose data in your dashboard such as the default Malware detection history, but obviously it will rebuild again over time
Probably most events are the result of Access protection in VSE. You might want to disable some rules there, or filter events that are generated as a result from it within Configuration > Server Settings.
yeah no kidding I already looked through and killed a bunch of them but I have a ton of 1096 events for firewall but it's not in there to remove it?
Desktop Firewall? That isn't supported in ePO 4, so that's probably why you cannot filter those. Maybe it's possible to add the Host Intrusion Prevention 7.0 extension to be able to filter the same event id's, but I would strongly suggest upgrading to HIPS 7.0 anyway.
I have no idea what firewall it's talking about because there is no firewall on the machines, it's saying that the windows cluster software is a firewall :(
don't get it
Event Category: Firewall detected
Event ID: 1096
Threat Severity: Notice
Threat Name: User-defined Rules:Prevent mass mailing worms from sending mail
Threat Type: access protection
Action Taken: would block
Threat Handled: true
Analyzer Detection Method: OAS
it's saying that you have a user specified rule to block mass mailing within your VSE access protection policies and this is being constantly triggered and then passed on to EPO as events.
just exempt this event from being gathered by EPO
edit (bottom right)
edit out the ones you don't want
that's the part I don't get, when I go in there I have tons of things obviously but it goes
1094: port blocking
1095: access protection
1099: buffer overflow
there is nothing there for 1096 so I can't exclude it :(
is there a way to add it in so I can exclude it? or is there another way around this?