The audit system includes several components.
The sybsecurity device and the sybsecurity database – store audit information.
The sybsecurity database is created as part of the auditing configuration process. It contains all the system tables in the model database as well as a system table for tracking server-wide auditing options and system tables for the audit trail.
The audit trail – comprises several audit devices and tables that you configure.
SAP ASE stores the audit trail in as many as eight system tables, named sysaudits_01 through sysaudits_08.
For example, if you have two audit tables, they are named sysaudits_01 and sysaudits_02. At any given time, only one is current. SAP ASE writes all audit data to the current audit table. A system security officer can use sp_configure to set or change the current audit table.
When you configure SAP ASE for auditing, determine the number of audit tables for your installation. Plan to use at least two or three system tables for the audit trail and to put each system table on its own device, separate from the master device. This allows you to use a threshold procedure that automatically archives the current audit table before it fills up and then switches to a new, empty table for subsequent audit records.
The syslogs transaction log device – stores transaction logs.
When you configure for auditing, you must specify a separate device for the syslogs system table, which contains the transaction log. The syslogs table, which exists in every database, contains a log of transactions that are executed in the database.
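The threshold procedure described above for the audit trail could look like the following sketch, which is an added example and not code from the original page. It assumes three audit tables, audit segments named aud_seg_01 through aud_seg_03, a free-space threshold of 250 pages, and a hypothetical archive database audit_archive whose sysaudits table has the same columns as the audit tables.

```sql
-- Added example. audit_archive, the segment names and the 250-page
-- threshold are assumptions; adjust them to your installation.
use sybsecurity
go
create procedure audit_thresh
as
    declare @full_table int

    -- Number of the audit table that is current and about to fill up.
    select @full_table = scc.value
    from master.dbo.syscurconfigs scc, master.dbo.sysconfigures sc
    where sc.config = scc.config
      and sc.name = "current audit table"

    -- 0 advances to the next audit table in sequence; "with truncate"
    -- empties that table first so new audit records land in an empty table.
    exec sp_configure "current audit table", 0, "with truncate"

    -- Archive the table that just filled, then release its space.
    if @full_table = 1
    begin
        insert audit_archive.dbo.sysaudits select * from sysaudits_01
        truncate table sysaudits_01
    end
    else if @full_table = 2
    begin
        insert audit_archive.dbo.sysaudits select * from sysaudits_02
        truncate table sysaudits_02
    end
    else if @full_table = 3
    begin
        insert audit_archive.dbo.sysaudits select * from sysaudits_03
        truncate table sysaudits_03
    end
    return (0)
go
-- Attach the procedure to each audit segment so that it fires when
-- fewer than 250 free pages remain on the device holding that table.
exec sp_addthreshold sybsecurity, aud_seg_01, 250, audit_thresh
exec sp_addthreshold sybsecurity, aud_seg_02, 250, audit_thresh
exec sp_addthreshold sybsecurity, aud_seg_03, 250, audit_thresh
go
```

Size the threshold so that the archive copy finishes before the next table can fill, and monitor free space in the archive database, since a failed insert there leaves the full audit table unarchived.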