Confirm you have this issue:
Acquire a count of the
SCORInventory data type in the
SCOR_DATA_CHANNEL table using the following SQL queries:
Query 1
Select DATA_TYPE, count(*) as COUNT from SCOR_DATA_CHANNEL group by DATA_TYPE;
| |
DATA_TYPE |
COUNT |
| 1 |
SCORCommand Response |
1 |
| 2 |
SCORDiag |
98 |
| 3 |
SCORInventory |
758015 |
NOTE: A high
COUNT for the
SCORInventory data type suggests that the inventory-diff or a Pull Inventory Client Task was scheduled for many hosts simultaneously.
Query 2
Select DATA_TYPE, count(distinct TRANSACTION_ID) as TX_COUNT from SCOR_DATA_CHANNEL group by DATA_TYPE;
| |
DATA_TYPE |
TX_COUNT |
| 1 |
SCORInventory |
758015 |
| 2 |
SCORCommandResponse |
1 |
| 3 |
SCORDiag |
98 |
NOTE: A high
TX_COUNT for the
SCORInventory data type confirms that the issue is because of
inventory-diff. If the count for
SCORInventory from
Query1 is high and
Query2 is low, a Pull Inventory Client Task scheduled for many hosts simultaneously might be the cause.
Workaround:
Switch
off inventory-diff and run the
SC: Pull Inventory Client Task on a limited number of hosts per day.
IMPORTANT: To understand the implications of disabling the
inventory-diff feature, see
KB81702.
To switch
off Solidcore
inventory-diff:
- Log on to the ePO console.
- Click Menu, Policy, Client Task Catalog.
- Click Actions, New Task.
- Select SC: Run Commands from the Task Types drop-down list and click OK.
- Type a Task Name (for example, Disable Solidcore Inventory-Diff) and provide a Description (optional).
- Do one of the following:
- For MACC version 6.1 and earlier, type: config set InvDiffConfig=1
- For MACC version 6.2 and later, type: config set InvDiffConfig2=1
- Click Save.
- Click Assign for the new task.
- Select My Organization as the group to which to assign the client task.
- Push the client task to Solidcore Agents by performing an agent wake-up call.
As a best practice, McAfee recommends that you schedule the Pull Inventory Client Task for 300 or fewer hosts per day. Determine whether all
SCORInventory data is being processed from the
SCOR_DATA_CHANNEL table. Gradually increase the number of hosts until it reaches the maximum. The maximum value is reached when the
SCORInventory data type takes more than 24 hours to process.
You can also enable debug logging on ePO and collect MERs. The debug information indicates how long the thread took to process inventory from a single host.
Example
Log at the start of processing:
2013-10-29 00:55:43,835 DEBUG [mfs:pool-2-thread-13] inventory.InventoryPullInternalTask - Working on inventory for Agentguid:652F9790-18C9-418D-AD6C-6C786DE4FED3| Txn Id:{15DC4018-D3E6-4903-8BC0-A01D34418088}
Log at the end processing:
2013-10-29 00:56:40,961 DEBUG [mfs:pool-2-thread-13] inventory.InventoryPullInternalTask - Inv Pull done for AgentGuid: 652F9790-18C9-418D-AD6C-6C786DE4FED3
