Using PurgeDB with Enterprise Console 4.x and Sophos Control Center 4
NOTE: Due to an issue in Enterprise Console 4, PurgeDB.exe was not able to run on a 64-bit operating system with Enterprise Console 4 installed. This issue was fixed in Enterprise Console 4.5.
CAUTION: You must ensure that the database is backed up before using this tool.
What to do
1. Open a command line (Start|Run|type cmd and then press the enter key).
2. Type the following command, followed by the Enter key.Purgedb.exe -help
NOTE: The default location for Purgedb.exe is...
- Enterprise Console: C:\Program Files\Sophos\Enterprise Console\purgeDB.exe
- Control Center: C:\Program Files\Sophos\SCC\purgeDB.exe
The program will return the following information:
PurgeDB [-action=<action>] [-category=<category>] [-HistoryLengthInDays=<LengthInDays>] [-type=<type>] [-code=<code>] [-help]
Command line switches
| <action> | The action to be performed by the tool. |
| Allowed values: purge (default), delete. | Purge: • Non-managed computer added to the database before the specified history length will be removed. • Non-managed deleted computer will be removed • Any managed computer which has not sent a message for longer than the specified history length and has no alerts, events or errors associated with it will be removed. • Any managed computer which is marked as deleted and has no alerts, events or errors associated with it will be removed. Delete: • Non-managed computer added to the database before the specified history length will be deleted. • Non-managed deleted computer will be deleted. • Any Managed computer which has not sent a message for longer than the specified history length will be deleted along with any other entries associated with it (errors, events, alerts, policies, states etc) The "delete" action should only be used when specifically asked to do so by Sophos Technical Support. If the "delete" action is used, it requires specifying explicitly both <category> and <type>. |
| <category> | The category qualifier restricts an action to the specified category of entries. |
| Valid categories: "alerts", "errors", "events", "computers". | By default, the action is performed on all categories. If <category> is specified, <history length> must also be specified. |
| <history length> | The oldest entry timestamp to remain after action is performed. It must be specified when either <action> or <category> are specified. |
| The value is the number of days before today, eg. -HistoryLengthInDays=100 | |
| <type> | Optional qualifier that sets a higher granularity filter by type of a particular category. |
| Valid types by category: alerts: Virus, PUA, SuspFile, SuspBehaviour events: DataControl, DeviceControl, ApplicationControl, Firewall errors: AutoUpdate, SAV, SCF, SUM, SUMAlert | If this qualifier is specified then the <category> qualifier must be specified too. Currently the qualifier is not supported for category "computers". |
| <code> | For the "error" category, <code > is an optional message code qualifier. It allows for specific error codes to be purged/deleted. |
Examples of use
If a client is showing the error:Code: 0000006bDescription: Download of Sophos AutoUpdate failed from server \\[address]\SophosUpdate\CIDs\S000\ESXP\
Providing that the time of the alert is older than 10 days ago, you could delete this error by running:PurgeDB.exe -action=delete -category=errors -HistoryLengthInDays=10 -type=AutoUpdate -code=107
NOTE: In the database (“Errors” table) the error has a decimal value rather than the hex value that is displayed by Enterprise Console.
PurgeDB.exe takes the decimal value rather than the hex value so we suggest using a calculator (calc.exe) to convert the hex value as displayed into the decimal value you would need to pass to PurgeDB.exe.
Refer also to the knowledgebase article: PurgeDB.exe fails to purge or delete SUM errors and alerts.
If you need more information or guidance, then please contact technical support.
- Article ID: 109884
- Created: 8 Jan 2010
- Last updated: 17 Jul 2011
