
How do you delete web events for a single computer?

I've been told to remove specific web events for a single computer - we're reusing the name and it keeps getting old events assigned to it.

I realise I can't do this in the console. Now I have very basic SQL, but this is what I was going to do:

Stop the following services:

Sophos Management Service

Sophos Encryption Business Logic Service

Sophos Patch Endpoint Communicator Service

and back up the database with backdb.bat

Then open SQL Mgmt Studio and browse to the database. I know enough that I've been able to run some queries to get the ComputerID. If I run this query, it actually returns everything I want to delete:

select * from Events_Web WHERE ComputerID = XXX AND Name = 'Mal/whatever'

Is it as simple as running

DELETE from Events_Web WHERE ComputerID = XXX AND Name = 'Mal/whatever'

and restarting my services?

Thanks



  • Hello IaTDE,

    is whoever told you to delete the events aware that this is unsupported?

    Did I say that writes to the database are unsupported?

    Delete the ComputerName from ComputersAndDeletedComputers, it will take all associated events and alerts with it. No need to stop the services BTW.

    Christian

  • Thanks for the quick response. Yes they know it's unsupported but he's a manager who doesn't want to have to explain that the web events weren't his!

    Deleting the record altogether and just letting a new one be created sounds like a much cleaner solution than cleaning out individual records.
    Is this the line I need?

    DELETE FROM ComputersAndDeletedComputers WHERE Name='xxx'

    I was stopping the services above in order to run the backup - is that not necessary?

    Thanks

  • Hello IaTDE,

    a manager who doesn't want to have to explain
    [:D] I like these guys (says a lot about and management), but I digress.

    stopping services to backup
    not absolutely necessary - the database server ensures consistency.

    DELETE FROM ...
    yes, but please note that there might be other computers with the same name; this is valid if they have a sufficiently different OS version or a different domain/workgroup. There could also be deleted computers with the same name (deleted from SEC is a flag), though likely deleting them from the database is not a loss. Apparently the old one's data is irrelevant and, as said, deleting a computer will also delete all its related data.

    Christian
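
A guarded form of the delete discussed in this thread, added here as an example; it was not posted by either participant and is not Sophos-supplied code. It is T-SQL for SQL Server Management Studio, the table and column names are the ones quoted above, and the variable types and the placeholder values for `@Name` and `@ComputerID` are assumptions to be replaced with your own.

```sql
-- Added example: only delete when exactly one record carries the name,
-- and confirm that the web events went with it before committing.
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back

DECLARE @Name nvarchar(255) = N'xxx';  -- placeholder: the reused computer name (type assumed)
DECLARE @ComputerID int = 0;           -- placeholder: the ComputerID found earlier (type assumed)

-- Look at every record sharing the name first: same-named machines in another
-- domain/workgroup and records flagged as deleted all show up here.
SELECT * FROM ComputersAndDeletedComputers WHERE Name = @Name;

DECLARE @Matches int =
    (SELECT COUNT(*) FROM ComputersAndDeletedComputers WHERE Name = @Name);
DECLARE @EventsBefore int =
    (SELECT COUNT(*) FROM Events_Web WHERE ComputerID = @ComputerID);

BEGIN TRANSACTION;

DELETE FROM ComputersAndDeletedComputers WHERE Name = @Name;

-- Recount inside the transaction to see what the delete actually removed.
DECLARE @EventsAfter int =
    (SELECT COUNT(*) FROM Events_Web WHERE ComputerID = @ComputerID);

IF @Matches = 1 AND @EventsAfter = 0
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Committed: 1 computer record and '
        + CAST(@EventsBefore AS varchar(12)) + ' web events removed.';
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    PRINT 'Rolled back: ' + CAST(@Matches AS varchar(12))
        + ' records share this name, '
        + CAST(@EventsAfter AS varchar(12)) + ' web events would remain.';
END
```

If the script rolls back because several records share the name, the output of the first SELECT shows which rows they are, so the delete can be narrowed before trying again.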