This article describes PurgeDB.exe, the database maintenance tool for content data in Enterprise Console and Sophos Control Center.
Note: Due to an issue in Enterprise Console 4, PurgeDB.exe was not able to run on a 64-bit operating system with Enterprise Console 4 installed. This issue was fixed in Enterprise Console 4.5.
Warning: It is strongly recommended that the database is backed up before using this tool. For more information on how to back up your databases, see article: 110380.
Known to apply to the following Sophos product(s) and version(s)
Sophos Control Center 4.0.0
Enterprise Console 4.5.0
Enterprise Console 4.7.0
Enterprise Console 5.0.0
Sophos Control Center 4.1
Enterprise Console 5.1.0
Enterprise Console 5.2.0
What to do
Locate the tool
The default location for PurgeDB.exe is:
- Enterprise Console: C:\Program Files\Sophos\Enterprise Console\PurgeDB.exe
- Control Center: C:\Program Files\Sophos\SCC\PurgeDB.exe
Note: 'Program Files' is 'Program Files (x86)' on 64-bit systems.
Running the tool
- Open a command prompt (Start | Run | Type: cmd.exe | Press return).
- Change directory to the folder containing the PurgeDB.exe program. For example:
cd "C:\Program Files (x86)\Sophos\Enterprise Console"
Note: See 'Locate the tool' section above for the right folder path.
- Type the following command to show the usage options:
purgedb.exe -help
The program will return the following information (text may vary based on the version in use):
PurgeDB [-action=<action>] [-category=<category>] [-HistoryLengthInDays=<history length>] [-type=<type>] [-code=<code>] [-help]
Command line switches
| Parameter | Possible values | Description |
| --- | --- | --- |
| <action> | purge (default)<br>delete | Purge:<br>• Non-managed computer added to the database before the specified history length will be removed.<br>• Non-managed deleted computer will be removed.<br>• Any managed computer which has not sent a message for longer than the specified history length and has no alerts, events or errors associated with it will be removed.<br>• Any managed computer which is marked as deleted and has no alerts, events or errors associated with it will be removed.<br>• Any outstanding errors older than 14 days are automatically acknowledged (SEC 5.0+).<br><br>Delete:<br>• Non-managed computer added to the database before the specified history length will be deleted.<br>• Non-managed deleted computer will be deleted.<br>• Any managed computer which has not sent a message for longer than the specified history length will be deleted along with any other entries associated with it (errors, events, alerts, policies, states, etc.).<br><br>The "delete" action should only be used when specifically asked to do so by Sophos Technical Support. If the "delete" action is used, it requires specifying explicitly both <category> and <type>. |
| <category> | alerts<br>errors<br>events<br>computers<br>threatMasterList<br>agentStatus<br>encryptionSessions<br>auditing | The category qualifier restricts an action to the specified category of entries. By default, the action is performed on all categories apart from 'auditing'. Auditing should be called specifically on its own by running:<br>PurgeDB.exe -category=auditing<br>If <category> is specified, <history length> must also be specified, apart from auditing as per the above example command. |
| <history length> | (integer number) | The oldest entry timestamp to remain after action is performed. It must be specified when either <action> or <category> are specified. The value is the number of days before today, e.g., -HistoryLengthInDays=100 |
| <type> | • For category=alerts: Virus, PUA, SuspFile, SuspBehavior<br>• For category=events: DataControl, DeviceControl, ApplicationControl, Firewall, Web, Encryption<br>• For category=errors: AutoUpdate, SAV, Firewall, SUM, SUMAlert, Patch, Encryption<br>• For category=agentStatus: AutoUpdate, SAV, Firewall, Patch, Encryption, NAC, Web | If this qualifier is specified then the <category> qualifier must be specified too. Currently the qualifier is not supported for category "computers". |
| <code> | (error code as stored in database) | For the "error" category, <code> is an optional message code qualifier. It allows for specific error codes to be purged/deleted. See example and note at the end of this article for further information. |
Examples of use
PurgeDB.exe
Purges all categories and types using default history length of 12 months. The default history length can be changed in the console, under 'Tools' - 'Configure reporting...'.
If an endpoint computer is showing the error:
Code: 0000006b
Description: Download of Sophos AutoUpdate failed from server \\[address]\SophosUpdate\CIDs\S000\ESXP\
Providing that the time of the alert is more than 10 days ago, you can delete this error by running:
purgedb.exe -action=delete -category=errors -HistoryLengthInDays=10 -type=AutoUpdate -code=107
Note: In the database ("Errors" table) the error has a decimal value rather than the hex value that is displayed by Enterprise Console. PurgeDB.exe takes the decimal value rather than the hex value, so we suggest using a calculator (calc.exe) to convert the hex value as displayed into the decimal value you need to pass to PurgeDB.exe.
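The qualifier rules from the switch table and the hex-to-decimal step in the note above, as an added PowerShell example that is not Sophos code. The function name New-PurgeDbCommand and its parameter names are hypothetical; it only returns the command line as a string and never runs PurgeDB.exe. It reads the auditing exception as applying to -category=auditing given on its own, and treats the displayed code as an unsigned hex value.

```powershell
# Added example, not Sophos code. Builds the command line only; nothing is executed.
function New-PurgeDbCommand {
    param(
        [ValidateSet('purge', 'delete')] [string]$Action,
        [ValidateSet('alerts', 'errors', 'events', 'computers', 'threatMasterList',
                     'agentStatus', 'encryptionSessions', 'auditing')] [string]$Category,
        [int]$HistoryLengthInDays,
        [string]$Type,
        [string]$ConsoleHexCode   # code as displayed by the console, e.g. 0000006b
    )
    # <type> values per <category>, copied from the switch table above.
    $typesByCategory = @{
        alerts      = 'Virus', 'PUA', 'SuspFile', 'SuspBehavior'
        events      = 'DataControl', 'DeviceControl', 'ApplicationControl', 'Firewall', 'Web', 'Encryption'
        errors      = 'AutoUpdate', 'SAV', 'Firewall', 'SUM', 'SUMAlert', 'Patch', 'Encryption'
        agentStatus = 'AutoUpdate', 'SAV', 'Firewall', 'Patch', 'Encryption', 'NAC', 'Web'
    }
    $hasHistory = $PSBoundParameters.ContainsKey('HistoryLengthInDays')

    if ($Type -and -not $Category) { throw '-type requires -category.' }
    if ($Type -and -not $typesByCategory.ContainsKey($Category)) {
        throw "-type is not listed for category '$Category'."
    }
    if ($Type -and $typesByCategory[$Category] -notcontains $Type) {
        throw "'$Type' is not a listed type for category '$Category'."
    }
    if ($Action -eq 'delete' -and -not ($Category -and $Type)) {
        throw 'delete requires both -category and -type.'
    }
    # Assumption: only "-category=auditing" with no action may omit the history length.
    $auditingOnly = ($Category -eq 'auditing') -and -not $Action
    if (($Action -or $Category) -and -not $auditingOnly -and -not $hasHistory) {
        throw '-HistoryLengthInDays is required when -action or -category is given.'
    }
    if ($hasHistory -and $HistoryLengthInDays -lt 0) { throw 'History length must not be negative.' }

    $parts = @('PurgeDB.exe')
    if ($Action)     { $parts += "-action=$Action" }
    if ($Category)   { $parts += "-category=$Category" }
    if ($hasHistory) { $parts += "-HistoryLengthInDays=$HistoryLengthInDays" }
    if ($Type)       { $parts += "-type=$Type" }
    if ($ConsoleHexCode) {
        if ($Category -ne 'errors') { throw '-code applies to the errors category only.' }
        if ($ConsoleHexCode -notmatch '^[0-9a-fA-F]{1,8}$') { throw 'Code is not a hex value.' }
        # The Errors table stores decimal; the console displays hex (0000006b -> 107).
        $parts += '-code=' + [Convert]::ToUInt32($ConsoleHexCode, 16)
    }
    $parts -join ' '
}

New-PurgeDbCommand -Action delete -Category errors -HistoryLengthInDays 10 -Type AutoUpdate -ConsoleHexCode '0000006b'
```

Reviewing the returned string before pasting it into the command prompt gives a second check on a "delete" run, which removes associated entries along with the computer record.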
Refer also to the knowledgebase article: PurgeDB.exe fails to purge or delete SUM errors and alerts.
