
Steps to Enable Auditing in SYBASE

    [IT168 Technical Document] This document uses ASE 12.5.x installed on Windows NT as the example; the Sybase installation path is 'c:\ase12'.

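    1. Create the database devices and databases required for auditing
    use master
    go

    --Create the audit database sybsecurity
    disk init name = 'auditdev1',physname = 'c:\ase12\data\auditdev1',size = '500m'
    go
    disk init name = 'auditlog1',physname = 'c:\ase12\data\auditlog1',size = '1000m'
    go
    create database sybsecurity on auditdev1 = 500 log on auditlog1 = 1000
    go
    Note: keep the data device of the sybsecurity database small so that it is easy to archive, and make the log larger so that log space does not run out during archiving.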

    --Create the database auditdata that receives the archived audit results
    disk init name = 'auditdatadev1',physname = 'c:\ase12\data\auditdatadev1',size = '5000m'
    go
    disk init name = 'auditdatalog1',physname = 'c:\ase12\data\auditdatalog1',size = '1000m'
    go
    create database auditdata on auditdatadev1 = 5000 log on auditdatalog1 = 1000
    go

    2. Set the database options
    use sybsecurity
    go
    master..sp_dboption sybsecurity ,'trunc log on chkpt',true
    go
    checkpoint
    go

    use auditdata
    go
    master..sp_dboption auditdata ,'trunc log on chkpt',true
    go
    master..sp_dboption auditdata ,'select into/bulkcopy/pllsort',true
    go
    checkpoint
    go

    3. Run the installation script
    isql -Usa -P123456 -Spds -ic:\ase12\ASE-12_5\scripts\installsecurity
    On UNIX:
    cd $SYBASE/ASE-12_5/scripts
    isql -Usa -Ppassword -Sservername -iinstallsecurity

    4. Restart the SYBASE service

    5. Initialize and add the database device auditdev2 required for the second audit table
    disk init name = 'auditdev2',physname = 'c:\ase12\data\auditdev2',size = '500m'
    go
    alter database sybsecurity on auditdev2 = 500
    go

    6. Create the second audit table sysaudits_02 (the audit table sysaudits_01 is created automatically when the installation script is run in step 3 above)
    sp_addaudittable auditdev2
    go

    7. In the archive database, create the archive table sysauditdata with the same structure as sysaudits_01
    select * into auditdata..sysauditdata from sybsecurity..sysaudits_01 where 1=2
    go

    8. Create the audit table threshold procedure in sybsecurity
    use sybsecurity
    go
    create procedure audit_thresh
    as
    begin
        declare @audit_table_number int
        /*
        ** Select the value of the current audit table
        */
        select @audit_table_number = scc.value
        from master.dbo.syscurconfigs scc, master.dbo.sysconfigures sc
        where sc.config=scc.config and sc.name = 'current audit table'
        /*
        ** Set the next audit table to be current.
        ** When the next audit table is specified as 0,
        ** the value is automatically set to the next one.
        */
        exec sp_configure 'current audit table', 0, 'with truncate'
        /*
        ** Copy the audit records from the audit table
        ** that became full into another table.
        */
        if @audit_table_number = 1
        begin
            insert auditdata..sysauditdata
            select * from sysaudits_01
            truncate table sysaudits_01
        end
        else if @audit_table_number = 2
        begin
            insert auditdata..sysauditdata
            select * from sysaudits_02
            truncate table sysaudits_02
        end
        return(0)
    end
    go

    9. Attach the threshold procedure to each audit segment
    use sybsecurity
    go
    sp_addthreshold sybsecurity, aud_seg_01, 250, audit_thresh
    go
    sp_addthreshold sybsecurity, aud_seg_02, 250, audit_thresh
    go

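    10. Adjust the audit-related configuration parameters
    sp_configure 'audit queue size',1000
    go
    --Audit queue size: one audit record needs 424 bytes of memory; the default is 100; changing it to 1000
    --needs about 420k of memory. Increasing this value reduces the chance of blocking caused by auditing.
    sp_configure 'suspend audit when device full',1 --1 is the default value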
    go

    11. Set the audit options
    sp_audit "all","sa_role","all","on"
    go
    --The document sent by Tianjin Unicom requires this audit option to be turned on

    12. Enable auditing
    sp_configure 'auditing',1
    go

    13. View the audit results
    --Initially the audit results are in sybsecurity..sysaudits_01 (or sybsecurity..sysaudits_02)
    select * from sybsecurity..sysaudits_01
    go
    --After archiving, the audit results are in auditdata..sysauditdata
    select * from auditdata..sysauditdata
    go

    14. To disable auditing if needed, use the following command
    sp_configure 'auditing',0
    go
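
As a follow-up to step 13, the review script below is an added example and not part of the original document. It gathers the last 24 hours of audit records from the archive table and both live audit tables, then summarizes them per login and lists failed permission checks. Assumptions: the objects from steps 1 to 9 exist, the login running it has sso_role, and the temp table name #audit_recent and the 24-hour window are illustrative choices.

```sql
-- Added example: review recent audit records across the archive and live tables.
-- Assumes auditdata..sysauditdata and sysaudits_01/02 from the steps above.
-- #audit_recent is a hypothetical temp table name used only for this review.

-- Start with archived records from the last 24 hours.
select * into #audit_recent
from auditdata..sysauditdata
where eventtime >= dateadd(dd, -1, getdate())
go

-- Add records that the threshold procedure has not archived yet.
insert #audit_recent
select * from sybsecurity..sysaudits_01
where eventtime >= dateadd(dd, -1, getdate())
go
insert #audit_recent
select * from sybsecurity..sysaudits_02
where eventtime >= dateadd(dd, -1, getdate())
go

-- Summary per login and event code. eventmod: 0 = no modifier,
-- 1 = passed permission check, 2 = failed permission check.
select loginname,
       event,
       outcome = case eventmod
                     when 1 then 'passed'
                     when 2 then 'failed'
                     else 'n/a'
                 end,
       rec_count = count(*),
       first_seen = min(eventtime),
       last_seen = max(eventtime)
from #audit_recent
group by loginname, event, eventmod
order by loginname, event
go

-- Detail for failed permission checks, oldest first.
select eventtime, loginname, dbname, objowner, objname, event, extrainfo
from #audit_recent
where eventmod = 2
order by eventtime
go

drop table #audit_recent
go
```

The event column holds numeric event codes; look them up in the ASE auditing documentation for the installed version.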
