The main components of the audit system are the sybsecurity device and the sybsecurity database.
The sybsecurity device stores the sybsecurity database, which is created as part of the auditing configuration process. It contains all the system tables in the model database, as well as a system table for tracking server-wide auditing options and system tables for the audit trail.
Adaptive Server stores the audit trail in system tables, named sysaudits_01 through sysaudits_08. At any given time, only one audit table is current. Adaptive Server writes all audit data to the current audit table. A system security officer can use sp_configure to set or change the current audit table.
When you configure Adaptive Server for auditing, determine the number of audit tables for your installation. Plan to use at least two or three system tables for the audit trail and to put each system table on its own device, separate from the master device. If you do this, you can use a threshold procedure that archives the current audit table automatically, before it fills up and switches to a new, empty table for subsequent audit records.