Using PurgeDB with Enterprise Console and Sophos Control Center

  • Article ID: 109884
  • Updated: 25 May 2014

This article describes PurgeDB.exe, the database maintenance tool for content data in Enterprise Console and Sophos Control Center.

Warning: It is strongly recommended that the database is backed up before using this tool. For more information on how to back up your databases, see article 110380.

Known to apply to the following Sophos product(s) and version(s)

Sophos Control Center 4.1
Sophos Control Center 4.0.0
Enterprise Console 5.2.1 R2
Enterprise Console 5.2.1
Enterprise Console 5.2.0
Enterprise Console 5.1.0
Enterprise Console 5.0.0
Enterprise Console 4.7.0
Enterprise Console 4.5.0

What to do

Locate the tool

The default location for PurgeDB.exe is:

  • Enterprise Console: 'C:\Program Files\Sophos\Enterprise Console\PurgeDB.exe'.
  • Control Center: 'C:\Program Files\Sophos\SCC\PurgeDB.exe'.

Note: 'Program Files' is 'Program Files (x86)' on 64-bit systems.

Running the tool

  1. Open a command prompt (Start | Run | Type: cmd.exe | Press return).

  2. Change directory to the folder containing the PurgeDB.exe program.  For example:
    cd "C:\Program Files (x86)\Sophos\Enterprise Console"
    Note: See 'Locate the tool' section above for the right folder path.

  3. Type the following command to show the usage options:
    purgedb.exe -help

The program will return the following information (text may vary based on the version in use):

PurgeDB [-action=<action>] [-category=<category>] [-HistoryLengthInDays=<history length>] [-type=<type>] [-code=<code>] [-help]

Command line switches

Parameter: <action>
Possible values: purge (default), delete
Description:

Purge:
  • Non-managed computers added to the database before the specified history length will be removed.
  • Non-managed deleted computers will be removed.
  • Any managed computer which has not sent a message for longer than the specified history length and has no alerts, events or errors associated with it will be removed.
  • Any managed computer which is marked as deleted and has no alerts, events or errors associated with it will be removed.
  • Any outstanding errors older than 14 days are automatically acknowledged (SEC 5.0+).

Delete:
  • Non-managed computers added to the database before the specified history length will be deleted.
  • Non-managed deleted computers will be deleted.
  • Any managed computer which has not sent a message for longer than the specified history length will be deleted along with any other entries associated with it (errors, events, alerts, policies, states, etc.).

The "delete" action should only be used when specifically asked to do so by Sophos Technical Support.

If the "delete" action is used, both <category> and <type> must be specified explicitly.

Parameter: <category>
Possible values: alerts, errors, events, computers, threatMasterList, agentStatus, encryptionSessions, auditing
Description:

The category qualifier restricts an action to the specified category of entries.

By default, the action is performed on all categories apart from 'auditing' and 'computers'. Purging of auditing and computers data has to be requested specifically, on its own, by running, for example:
PurgeDB.exe -category=auditing
PurgeDB.exe -category=computers

If <category> is specified, <history length> must also be specified, apart from auditing as per the above example command.

Parameter: <history length>
Possible values: (integer number)
Description:

The oldest entry timestamp to remain after the action is performed. It must be specified when either <action> or <category> is specified.
The value is the number of days before today, e.g., -HistoryLengthInDays=100

Parameter: <type>
Possible values:
  • For category=alerts: Virus, PUA, SuspFile, SuspBehavior
  • For category=events: DataControl, DeviceControl, ApplicationControl, Firewall, Web, Encryption
  • For category=errors: AutoUpdate, SAV, Firewall, SUM, SUMAlert, Patch, Encryption
  • For category=agentStatus: AutoUpdate, SAV, Firewall, Patch, Encryption, NAC, Web
Description:

If this qualifier is specified then the <category> qualifier must be specified too.
Currently the qualifier is not supported for category "computers".

Parameter: <code>
Possible values: (error code as stored in database)
Description:

For the "error" category, <code> is an optional message code qualifier. It allows for specific error codes to be purged/deleted. See example and note at the end of this article for further information.

Examples of use

PurgeDB.exe

Purges all categories and types using the default history length of 12 months. The default history length can be changed in the console, under 'Tools' - 'Configure reporting...'.

If an endpoint computer is showing the error:

Code: 0000006b
Description: Download of Sophos AutoUpdate failed from server \\[address]\SophosUpdate\CIDs\S000\ESXP\

Providing that the time of the alert is more than 10 days ago, you can delete this error by running:

purgedb.exe -action=delete -category=errors -HistoryLengthInDays=10 -type=AutoUpdate -code=107

Note: In the database ("Errors" table) the error has a decimal value rather than the hex value that is displayed by Enterprise Console. PurgeDB.exe takes the decimal value rather than the hex value so we suggest using a calculator (calc.exe) to convert the hex value as displayed into the decimal value you would need to pass to PurgeDB.exe.
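
The argument rules from the command line switches section and the hex-to-decimal step from the note above, as an added PowerShell example that is not Sophos code. The function name New-PurgeDbArgs and its parameter names are hypothetical; it only checks and builds the command line and does not run PurgeDB.exe.

```powershell
# Added example: New-PurgeDbArgs and its parameter names are hypothetical.
# It checks and builds the argument list only; it never starts PurgeDB.exe.
$TypesByCategory = @{
    alerts      = 'Virus', 'PUA', 'SuspFile', 'SuspBehavior'
    events      = 'DataControl', 'DeviceControl', 'ApplicationControl', 'Firewall', 'Web', 'Encryption'
    errors      = 'AutoUpdate', 'SAV', 'Firewall', 'SUM', 'SUMAlert', 'Patch', 'Encryption'
    agentStatus = 'AutoUpdate', 'SAV', 'Firewall', 'Patch', 'Encryption', 'NAC', 'Web'
}
function New-PurgeDbArgs {
    param(
        [ValidateSet('purge', 'delete')][string]$Action,
        [ValidateSet('alerts', 'errors', 'events', 'computers', 'threatMasterList',
                     'agentStatus', 'encryptionSessions', 'auditing')][string]$Category,
        [ValidateRange(0, 2147483647)][int]$HistoryLengthInDays,
        [string]$Type,
        [ValidatePattern('^[0-9a-fA-F]{1,8}$')][string]$HexCode   # code as the console shows it
    )
    $given = $PSBoundParameters
    if ($Action -eq 'delete' -and -not ($given.ContainsKey('Category') -and $given.ContainsKey('Type'))) {
        throw 'The delete action requires both -category and -type.'
    }
    if ($given.ContainsKey('Type')) {
        if (-not $given.ContainsKey('Category')) { throw '-type requires -category.' }
        # Assumption: a category with no type list in the article (e.g. computers) takes no -type.
        if ($TypesByCategory[$Category] -notcontains $Type) {
            throw "-type=$Type is not listed for category '$Category'."
        }
    }
    # The article's own commands run auditing and computers without a history length
    # (its text names only auditing), so both are exempted here.
    $exempt = 'auditing', 'computers' -contains $Category
    if (-not $given.ContainsKey('HistoryLengthInDays') -and
        ($given.ContainsKey('Action') -or ($given.ContainsKey('Category') -and -not $exempt))) {
        throw '-HistoryLengthInDays is required when -action or -category is given.'
    }
    if ($given.ContainsKey('HexCode') -and $Category -ne 'errors') {
        throw '-code applies to the errors category only.'
    }
    $out = @()
    if ($given.ContainsKey('Action'))   { $out += "-action=$Action" }
    if ($given.ContainsKey('Category')) { $out += "-category=$Category" }
    if ($given.ContainsKey('HistoryLengthInDays')) { $out += "-HistoryLengthInDays=$HistoryLengthInDays" }
    if ($given.ContainsKey('Type'))     { $out += "-type=$Type" }
    # The Errors table holds the decimal form of the hex code, so convert before passing it.
    if ($given.ContainsKey('HexCode'))  { $out += '-code=' + [Convert]::ToInt64($HexCode, 16) }
    $out
}
# The article's case: the console shows Code 0000006b and the alert is over 10 days old.
$purgeArgs = New-PurgeDbArgs -Action delete -Category errors -HistoryLengthInDays 10 -Type AutoUpdate -HexCode '0000006b'
'PurgeDB.exe ' + ($purgeArgs -join ' ')
```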

 
For more information or for assistance, please contact technical support.
