Running Offline Pruning on the Filenames or Pathnames Tables
search cancel

Running Offline Pruning on the Filenames or Pathnames Tables

book

Article ID: 370589

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to run the offline pruning of the filenames or pathnames tables

Environment

App Control Server: All Supported Versions

Cause

  • Offline pruning of the filenames or pathnames tables should be done when those tables are near or have reached their limit of 2.14 Billion rows.
  • Offline pruning is also recommended when the filenames or pathnames tables have grown too big and have a large percentage of orphaned data thus causing performance and disk space issues

Resolution

    1. Open a support case to obtain the relevant pruning script for the table/server version being pruned
    2. Plan for a 24-hour maintenance window
    3. Make a full backup of the DAS database
    4. Login to the server with the App C service account
    5. Stop any AppC Agents running on the AppC Server itself to prevent Tamper Protection blocks.
    6. Stop the AppC Server and Reporter services
      • Any SQL services accessing the DAS database should also be stopped  (e.g. SQL Job Agent, Backup, Reporting, etc).
    7. Open the OfflineFilePathnamePruning.zip
    8. Double click the "RunOfflinePruning.bat (do not use "Run as Administrator")
      • On step 1 type the SQL Server\SQL Instance name (for local single-tier DB use a single dot . )
      • On step 2 choose to continue.
    9. When finished, copy the output of the command line window to a text file before closing it
      • If you need to reclaim file/pathname IDs for re-use follow the steps provided by Support
      • If you need to free up disk space follow the steps in this KB
    10. To reclaim filename/pathname IDs for re-use, one must execute the UnusedFilenames/Pathnames SQL stored procedures.
    11. Open SQL Management Studio and in a new query window execute the following commands against the DAS database while the AppC Server and Reporter are still stopped.
      • For 8.10.4 and higher: 
        USE das; EXEC dbo.UnusedFilenameIdFinder 0;
USE das; EXEC dbo.UnusedPathnameIdFinder 0;
      • For 8.10.0 and prior, go to Support.php > Scheduled Tasks > Note the scheduled task id for UnusedFilenames/Pathnames tasks > Use this scheduled taks id, e.g. 47, and plug it in below: 
        USE das; EXEC dbo.UnusedFilenameIdFinder 47; 
        USE das; EXEC dbo.UnusedPathnameIdFinder 48;
      • This will execute the tasks
    12. Start the AppC Server and Reporter service and any SQL services previously stopped and verify everything works.
Powered by Wolken Software