Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 16 subscribers
  • Views 10398 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Excalibur.db file Size

flomb

On one of our Windows SQL Servers we ran out of Disk Space and noticed that C:\ProgramData\HitmanPro.Alert\excalibur.db  has a size of 17 GB wheres it only around 30 MB on other machines. 
What could be a reason?
Is it possible to delete this file?



This thread was automatically locked due to age.
Parents
  • +1

    Hi  

    The Excalibur.db file is required for threat analysis. This is used in both Intercept X and root cause analysis in the central administration portal. The Excalibur.db is a SQL Lite database for Hitman Pro.

    Originally, the file would periodically run cleanup to remove the oldest entries in the file so that it would not grow in size at such a fast rate, however, in some cases, this does not occur. You can stop the "HitmanPro.Alert" service then rename/delete/backup excalibur.db & when you restart the services it will be re-created.

    Also, a reboot should also help you with your issue. The file should be automatically recreated much smaller. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to Shweta

    Thanks, this helped me as I had a server where the file was in excess of 40GB which I have now cleared as per your instructions.

    Can you please advise what a 'normal' size range for this file should be.

    I intend to add this file to our monitoring solution to alert if the file becomes excessive. On most of our servers the file is between 50MB and 100MB. Would it be reasonable to set an alert threshold of 1GB for this file, or are there times when the file may be genuinely this large?

  • 0 in reply to Graeme Evans

    I think there are some registry keys to control the trimming of the database. I.e. how often it runs the clean-up, how much to retain and how much to trim on each parse.  They can be set under: HKLM\Software\HitmanPro.Alert

    There are 3 REG_SZ values:

    • ExcaliburCleanupPollPeriod - Value in seconds, representing the period of time that should elapse between each attempt to clean up. Default is equivalent of 10 minutes.

    • ExcaliburDefaultCutOff - Value in seconds, representing age before which any record is deleted. Default is seconds equivalent of 90 days (so roughly 3 months).

    • ExcaliburCleanupRowLimit - V3.8.0+, the number of rows that will be deleted on each pass. 0 represents "delete all matching rows" (unlimited).

    Maybe something to be aware of.

Reply
  • 0 in reply to Graeme Evans

    I think there are some registry keys to control the trimming of the database. I.e. how often it runs the clean-up, how much to retain and how much to trim on each parse.  They can be set under: HKLM\Software\HitmanPro.Alert

    There are 3 REG_SZ values:

    • ExcaliburCleanupPollPeriod - Value in seconds, representing the period of time that should elapse between each attempt to clean up. Default is equivalent of 10 minutes.

    • ExcaliburDefaultCutOff - Value in seconds, representing age before which any record is deleted. Default is seconds equivalent of 90 days (so roughly 3 months).

    • ExcaliburCleanupRowLimit - V3.8.0+, the number of rows that will be deleted on each pass. 0 represents "delete all matching rows" (unlimited).

    Maybe something to be aware of.

Children
No Data
Unfiltered HTML