
How does the Sweep function work?

Created: 26 Jun 2009 • Updated: 29 Jun 2009 | 2 comments
Aniket Amdekar

The database sweep function can be triggered manually or automatically. It is triggered automatically when the number of records exceeds the value entered on the Policy Manager, or when the time limit listed on the Policy Manager is exceeded.

The sweep function works by using two tables for each log type. The server will start out by putting logs into one of the tables (call it Table1).

Once the sweep completes, the server switches to the second table (call it Table2) and stores any new logs there.

Before the server switches to Table2, it removes all logs from Table2. Table1 still has all the logs it collected. When the sweep function runs again, the server switches back to Table1, removing all logs from Table1 but keeping the logs that were collected while it was using Table2. The server switches back and forth between these two tables each time the sweep function is called, clearing each table just before it starts using it.
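The two-table rotation described above, modelled in Python as an added example (not Symantec's code); the class name, the thresholds and the tick-based clock are assumptions for illustration. It shows the retention consequence: a record survives the sweep that closes its table and is deleted by the following one.

```python
from dataclasses import dataclass, field

@dataclass
class SweptLog:
    """Model of one log type stored in two alternating tables (hypothetical)."""
    max_records: int   # assumed: count threshold applies to the active table
    max_age: int       # assumed: time limit, in ticks since the last sweep
    tables: list = field(default_factory=lambda: [[], []])
    active: int = 0    # index of the table currently receiving new logs
    last_sweep: int = 0
    sweeps: int = 0

    def sweep(self, now):
        """Clear the idle table, then switch writes to it."""
        idle = 1 - self.active
        self.tables[idle].clear()  # the older generation of logs is lost here
        self.active = idle
        self.last_sweep = now
        self.sweeps += 1

    def write(self, now, record):
        """Store a record, then sweep if either automatic trigger fires."""
        self.tables[self.active].append((now, record))
        too_many = len(self.tables[self.active]) > self.max_records
        too_old = now - self.last_sweep > self.max_age
        if too_many or too_old:
            self.sweep(now)

    def retained(self):
        """Record ids still queryable across both tables, oldest first."""
        return [rec for _, rec in sorted(self.tables[0] + self.tables[1])]

def simulate(n_records, max_records, max_age):
    """Write one constructed record per tick; return (retained ids, sweeps)."""
    log = SweptLog(max_records=max_records, max_age=max_age)
    for tick in range(1, n_records + 1):
        log.write(tick, tick)
    return log.retained(), log.sweeps

if __name__ == "__main__":
    # Count-triggered: records 1-4 are gone after the second sweep.
    print(simulate(10, max_records=3, max_age=100))
    # Time-triggered: records 1-6 are gone after the second sweep.
    print(simulate(13, max_records=100, max_age=5))
```

For anyone relying on these logs for investigation, the worst-case retention is therefore the data written between the last two sweeps, so export or forward logs before that window closes.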

After you configure database maintenance options from the Admin > Servers page, on the Database tab of the Site Properties dialog box in the Symantec Endpoint Protection Manager Console, the new options are not picked up by the database maintenance task. To have the options take effect, you can stop and start the database maintenance task by typing the following URLs in this order from a web browser located on the Symantec Endpoint Protection Manager server:

To stop a database maintenance task:
https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StopTask&task=AgentSweepingTask

To start a database maintenance task:
https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=StartTask&task=AgentSweepingTask

Alternatively, you can log out of the console and restart the Symantec Endpoint Protection Manager service from the Task Manager.

Comments

John Cooperfield

Are there any changes for SEP 12.1?

These are the SEP 11 steps I used (after enabling it)

  • Stop the SEPM service if running. Open Task Manager.
  • Start the SEPM service.
  • Log on to the SEPM and navigate to > Admin > Servers.
  • Watch the yellow system log to see when these messages display: “Database Maintenance finished” and “System administrative logs have been swept.”
  • When complete per the yellow System Log, check the DB size at \Program Files\Symantec\SEPM\db

I recall that in SEP 11 it always happens at midnight (SEPM time) as well.

Thanks for the article.