Database Maintenance

In order to keep Shavlik Protect operating at peak efficiency, it is important to perform periodic maintenance on your database. Shavlik Protect's database maintenance tool enables you to:

You do this by selecting Tools > Operations > Database Maintenance and then specifying exactly when and how your database maintenance tasks should be performed.

 

Note: If the options on this dialog are unavailable it probably means that another administrator currently has control over the database maintenance operations. See the Take ownership option (below) for more details.

 

Enable weekly database maintenance

If enabled, will perform database maintenance tasks on the specified day and time. The scheduled job is managed by the Shavlik Protect console service; the job cannot be tracked using the Scheduled Task Manager. Maintenance tasks should be performed after hours or on a weekend when database use is at a minimum.

If this check box is not enabled you can still configure the remaining database maintenance options on this dialog, but in order to run the maintenance task you must initiate it using the Run now button. The database maintenance tasks will not be performed on a regularly scheduled basis.

For each result type, choose at least one way to delete old results

There are two ways to delete old results:

  • Max results to keep: Enables you to specify the maximum number of patch scans, asset scans, threat scans, and script run records you want to store in the database. If the specified number is exceeded, scans will be deleted based on their age (the oldest scans are deleted first). Any patch deployments and threat remediations that are associated with the scans are also deleted. Valid values are 10 - 10,000 for each scan type.

Important! Be careful if you are using Shavlik Protect Agent on your machines. Agents report their results to the console and each result constitutes a scan. If you have many agents there is a chance of exceeding the threshold rather quickly. In this scenario you should consider using the Delete results older than (days) option.

  • Delete results older than (days): Enables you to specify the maximum number of days that patch results, asset results, threat results, event logs, and script run records are allowed to be stored in the database before being deleted. Any patch deployments and threat remediations that are associated with the scans are also deleted. Valid values are 1 - 10,000 days. As a general rule, results that are over 90 days old should be considered too old to accurately depict the current state of your organization.

If you choose to implement both methods for a result type, the method that deletes the least number of results is the one that will be used.

Example: Assume that for patch results you specify Max results to keep = 100 and Delete results older than (days) = 90. Also assume that there are 150 patch results currently stored in the database but only 10 of them have been there for more than 90 days. When the database maintenance task is run the oldest 10 results will be deleted; the 140 results that are less than 90 days old will be left alone.

About the Different Result Types

Each result type consists of the following:

  • Patch: Patch scans and any associated patch deployments

  • Asset: Asset scans

  • Threat: Threat scans and any associated threat remediations

  • ITScripts: Script run records

  • Event history: Log entries for operational events such as database maintenance and synchronization activities

  • AP: Does not apply to the Max results to keep method because Active Protection scan activity is not reported to the console. Only information about actual threat events is reported to the console by your agents.

Rebuild indexes

If enabled, each time the database maintenance task is performed it will instruct SQL Server to rebuild the database indexes after the old result data are removed. Doing so will improve the performance of your database. This is particularly valuable when deleting large amounts of data.

This option will work on any of the supported editions of SQL Server but it is best suited for use with SQL Server Express editions. If you are using a full edition of SQL Server you might consider using the SQL Server Maintenance Wizard because it provides more control and functionality.

Backup database and transaction log

If enabled, each time the database maintenance task is performed it will instruct SQL Server to create backup copies of the database and the transaction log before removing any data.

You must specify where the backup files will be written. You can use either a UNC path (for example: \\server\backup) or a local path (for example: c:\backup) to specify the backup location. The recommendation is to use a UNC path format that specifies a location on a different machine than the one currently running SQL Server. The path name you specify here is simply passed along for use during the backup. No validation is performed on the name.

Notes:

  • If you are using a remote SQL Server and you specify a local path, the path you are specifying is located on the remote SQL Server and NOT on the console machine.

  • If you specify a UNC path to a location on SQL Server, your SQL Server account must have access to the path. If a built-in account is being used (such as Local System or Network Service) then the machine account needs access to the path.

Take ownership

Note: This button is only displayed if you have two or more consoles that share one database.

If your organization uses multiple Shavlik Protect consoles that share the same database, only one console will be authorized to use the Database Maintenance tool. If an administrator at another console wants to perform maintenance on the database, that administrator must take ownership of the task before the program will allow the administrator to continue. Any existing maintenance tasks will be allowed to complete before ownership is transferred to another administrator.

Run now

Immediately initiates the database maintenance task. The task is run in the background and requires no user intervention. The task is performed using the current configuration. The current configuration is saved for future use, and if the Enable weekly database maintenance check box is enabled this will also schedule the database maintenance task.

You can use the Event History log to track the progress of the maintenance task. In addition, after the task completes there should be fewer items in the Results list and in the Manage Items list. If you have access to SQL Server Management Studio you can also use its Database Properties feature to track the progress of the task.

Save

Saves the current database maintenance configuration. If the Enable weekly database maintenance check box is enabled this will also schedule the database maintenance task.

Cancel

Exits the Database Maintenance dialog without saving your most recent changes.