Very slow Events Browsing. How do you abort a query???
RE: Very slow Events Browsing. How do you abort a quer... - 22.May2007 8:30:35 AM
Arielle
Posts: 294
Score: 0
Joined: 15.Sep.2006
Status: offline
Hi bradxray, If you are monitoring 130 servers it is expected that the query will take some time. It is also normal for EventsManager to take longer than the SQL Query Analyzer since there are other things to consider. How many events do you currently have in the EventsManager database? As for your suggestion to abort a query in the Events Browser, we will add this to the feature request list. Thanks.
_____________________________
Arielle Bonnici - Quality Metrics Analyst GFI Software - www.gfi.com

RE: Very slow Events Browsing. How do you abort a quer... - 22.May2007 11:37:14 AM
Zergster
Posts: 27
Score: 0
Joined: 4.Mar.2007
Status: offline
We also observe slowness due to the volume of events we have. I would welcome this feature--more granular control of refreshing.

RE: Very slow Events Browsing. How do you abort a quer... - 22.May2007 2:27:38 PM
bradxray
Posts: 14
Score: 0
Status: offline
We have 16 million security events. That is 30 days' worth. I have to use SQL instead of the EventMgr Query, because the more specific you are in the EventMgr Query the longer it takes. This is the opposite of SQL. In EventMgr, searching for every event for a particular server is fast, but worthless. If I search for a specific event ID, on a specific date, at a specific time, from a specific server, ... then it is time for a coffee break. 5-10 minutes later, I might have my data. In SQL, searching for every event for a particular server is slow, but I can cancel the query. If I search for the same data above, it takes about 3 seconds. It would also be nice to have an "execute query" button, instead of automatic execution each time the query focus changes.

RE: Very slow Events Browsing. How do you abort a quer... - 25.May2007 3:10:04 AM
Nicks
Posts: 2741
Score: 0
Joined: 17.Mar.2003
Status: offline
Hi,
1. Which version and build of GFI EventsManager are you using? You can retrieve the information from EventsManager -> General -> Version Information.
2. Which tool are they really using to compare, and what is the exact time to execute the query? SQL Query Analyzer should return the precise execution time.
3. Also, are both EventsManager and the other tool used to query SQL both running on the same machine?
Thank you.
_____________________________
Nicholas Sciberras GFI Software - www.gfi.com Messaging, Content Security & Network Security Software

RE: Very slow Events Browsing. How do you abort a quer... - 25.May2007 8:01:33 AM
bradxray
Posts: 14
Score: 0
Status: offline
Hi,
1. GFI EventsManager 7.1, Version: 7.1.1, Build: 20070503
2. I am not sure what you mean by "they". I am using the GFI Event Manager "Windows Events Browser" screen and Microsoft SQL 2005 "SQL Server Management Studio". GFI doesn't tell you how long it takes (might be a nice feature to add). When I time it with my watch, it takes 8 minutes and 43 seconds for the query I just ran. In "SQL Server Management Studio", it takes 3 seconds. Sorry, they don't show the tenths of a second. With a difference of 8 minutes and 40 seconds, I don't think it really matters how "exact" you are. In general, the SQL tool takes 1-3 seconds and the GFI tool takes 5-10 minutes.
3. Yes. The GFI EventMGR and SQL 2005 are both on the same machine and I am not running any queries across the network.

RE: Very slow Events Browsing. How do you abort a quer... - 4.Jun.2007 5:14:20 AM
Patrizia
Posts: 8474
Score: 0
Joined: 18.Aug.2003
From: Malta
Status: offline
This issue is currently being handled by e-mail support. The reference number(s) used are: 155747 - bradxray NOTE: We have sent you an email on the address that you have registered over the forums with. Should you require any updates or further information, kindly contact us using the support form at the following link: http://support.gfi.com/supportrequestform.asp
_____________________________
Patrizia Caruana GFI Software - www.gfi.com Messaging, Content Security & Network Security Software

RE: Very slow Events Browsing. How do you abort a quer... - 4.Jun.2007 12:12:28 PM
jorgeg
Posts: 26
Score: 0
Joined: 14.Nov.2006
Status: offline
We had experienced the same issue with the query response time. What we decided to do was to run the GFI EventsManager reports against any of the devices and use the rule names to manage our servers and syslog devices. If there is a correction for the query performance, please let us know. Jorge

RE: Very slow Events Browsing. How do you abort a quer... - 4.Jun.2007 3:16:38 PM
peter.berger@genexservice
Posts: 35
Score: 0
Joined: 6.Apr.2005
Status: offline
We also have a dozen UX/Linux machines and 125 Windows servers, collecting Event Logs for 30 days in the primary database (I have EM maintenance run every night to purge data older than 30 days to the backup database). We also have the same 5-10 minutes of lag time in browsing events -- and yes, it would be nice to have it not auto-execute the searches, as I'm simply interested in looking at our custom query, which only shows events in the last 24 hrs. The EM server is the latest version and is a virtual server running Windows 2003 R2 SP2 in a VMware ESX Resource Pool, which will allow it to use up to 32GB RAM or up to 1 full CPU (3GHz).

RE: Very slow Events Browsing. How do you abort a quer... - 12.Jun.2007 8:42:51 AM
mdonoghue
Posts: 7
Score: 0
Joined: 12.Jun.2007
Status: offline
We are having the exact same problem. I spoke to our DB guy and he suggested creating indexes when you first set up, or GFI needs to create indexes to bring down the search times. I would love a fix to the time it takes to query the events manager database.

RE: Very slow Events Browsing. How do you abort a quer... - 27.Oct.2007 1:53:57 PM
TGREG
Posts: 4
Score: 0
Joined: 27.Oct.2007
Status: offline
It sounds like we all have the same issue here and this is one I would love to see fixed soon. I’m using the latest build of EM and we're monitoring 130+ servers. I have EM configured to move everything older than 7 days to a backup database every night. Despite this, running queries in the Events Browser is still painfully slow. An example of this is running a simple query that shows events 540 from one specific server and specific date. After 5-10 painful minutes the query returns 40 events. Then if I choose to sort those 40 events in ascending order by clicking on the Time column, it takes another ridiculous 5-10 minutes. It's almost like it's sorting every event in the entire database and not just the 40 events which are displayed. EM and the databases are running on a server with dual 3.0 GHz CPUs with 4GB of memory.

RE: Very slow Events Browsing. How do you abort a quer... - 1.Nov.2007 4:06:09 AM
Mark Busuttil
Posts: 4836
Score: 0
Joined: 16.Oct.2005
Status: offline
Hi, Which version and build of GFI EventsManager are you using? You can retrieve the information from EventsManager -> General -> Version Information. Can you please clarify what is the size of the database in question? Thank you!
_____________________________
Regards, Mark Busuttil GFI Software Ltd - www.gfi.com Messaging, Content Security & Network Security Software GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor

RE: Very slow Events Browsing. How do you abort a quer... - 2.Nov.2007 1:04:22 PM
jorgeg
Posts: 26
Score: 0
Joined: 14.Nov.2006
Status: offline
Our current version: 7.1.1, Build 20070216. Database size is only 11GB. We have overcome the limitation by keeping the events to under 300k events. Our current build seems to be more stable. Jorge

RE: Very slow Events Browsing. How do you abort a quer... - 5.Nov.2007 11:23:38 AM
Mark Busuttil
Posts: 4836
Score: 0
Joined: 16.Oct.2005
Status: offline
Thank you for your update!
_____________________________
Regards, Mark Busuttil GFI Software Ltd - www.gfi.com Messaging, Content Security & Network Security Software GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor