Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 803 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to filter out the SSH/Updater-B from reports

jsouza
We run a monthly report for all viruses and then use that data. The SSH/Updater-B made the report over 900 pages and I think it is timing out to the database and failing to export because it is too big. We running Enterprise Console ver5.1.0.1839 and the report is: " All Computers, All Virus/Spyware Events, Last Month Week; sorted by Date. "
:35245


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    If you've completely recovered from the FP and don't wish to keep any records for it.  I.e. You've maybe followed:

    http://www.sophos.com/en-us/support/knowledgebase/118324.aspx to export a list of files affected incase you need to take any action...  you could just clear the database of these alerts.  

    The following 4 SQL commands could be run against the SOPHOS 'core' database.   

    Note: For a list of database names per versions see: http://www.sophos.com/en-us/support/knowledgebase/17323.aspx,

    so you know the name of the database to run the commands against.  I.e. if you're running SEC 5.1, it would be SOPHOS51.

    USE SOPHOS51
    GO
    DELETE FROM dbo.Threats WHERE ThreatName LIKE N'Shh/%'
GO

UPDATE dbo.ComputersAndDeletedComputers SET LastThreatInstanceID = dbo.ComputerLastOutstandingThreatInstanceID( ID )
GO

DELETE dbo.ThreatsArchive WHERE ThreatName LIKE N'Shh/%'
GO

DELETE dbo.ThreatEvents WHERE ThreatInstanceID NOT IN (
    SELECT ThreatInstanceID FROM dbo.Threats) 
    AND ThreatInstanceID NOT IN (
       SELECT ThreatInstanceID FROM dbo.ThreatsArchive
    )
GO

    As always, it would be a good idea to take a backup of the database first:

    http://www.sophos.com/en-us/support/knowledgebase/110380.aspx

    Regards,

    Jak

    :35281
Reply
  • 0

    Hi,

    If you've completely recovered from the FP and don't wish to keep any records for it.  I.e. You've maybe followed:

    http://www.sophos.com/en-us/support/knowledgebase/118324.aspx to export a list of files affected incase you need to take any action...  you could just clear the database of these alerts.  

    The following 4 SQL commands could be run against the SOPHOS 'core' database.   

    Note: For a list of database names per versions see: http://www.sophos.com/en-us/support/knowledgebase/17323.aspx,

    so you know the name of the database to run the commands against.  I.e. if you're running SEC 5.1, it would be SOPHOS51.

    USE SOPHOS51
    GO
    DELETE FROM dbo.Threats WHERE ThreatName LIKE N'Shh/%'
GO

UPDATE dbo.ComputersAndDeletedComputers SET LastThreatInstanceID = dbo.ComputerLastOutstandingThreatInstanceID( ID )
GO

DELETE dbo.ThreatsArchive WHERE ThreatName LIKE N'Shh/%'
GO

DELETE dbo.ThreatEvents WHERE ThreatInstanceID NOT IN (
    SELECT ThreatInstanceID FROM dbo.Threats) 
    AND ThreatInstanceID NOT IN (
       SELECT ThreatInstanceID FROM dbo.ThreatsArchive
    )
GO

    As always, it would be a good idea to take a backup of the database first:

    http://www.sophos.com/en-us/support/knowledgebase/110380.aspx

    Regards,

    Jak

    :35281
Children
No Data