SQL Anywhere Studio Security Guide
Auditing
This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.
You can use the dbtran utility to retrieve audit records from the transaction log. The transaction log is usually the file dbname.log, located in the same directory as the database file.
The -g switch tells dbtran to include audit records in the output. The output from dbtran is normally a SQL script with comments interspersed, and this script can be used to recover the database if a failure occurs. With the -g option, however, the output file consists entirely of comments, because -g implies the -d option (which writes transaction log information in the order in which it appears in the log, not in the default commit order). Do not use output in this format to recover a database; each line is commented out to prevent accidental use of the file for recovery.
When a user connects to the database, an audit record is generated:
--CONNECT-1001-0000198970-dba-1998/dec/03 14:54
The data following the CONNECT are interpreted as follows:
1001 is the connection ID assigned to this connection. Any transactions listed below with connection ID 1001 belong to this connection, until another CONNECT-1001 is found.
0000198970 is the byte offset of the record in the transaction log.
dba is the user name logged in on this connection.
1998/dec/03 14:54 is the date and time of the connection.
Other records have the connection ID and byte offset, but only the CONNECT record has the user name and date/time. Note that disconnects are not logged. If another CONNECT record is generated with the same connection ID as a previous CONNECT record, you can assume that the first user has disconnected. Although the connection ID is reused, the second connection is entirely unrelated to the first.
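The attribution rule described above can be applied mechanically when reviewing dbtran -g output. The following Python sketch is an added example, not part of the original guide or of the product. It assumes that non-CONNECT records have the layout --<KIND>-<connection ID>-<offset>, which the page does not spell out, and all sample lines except the first are constructed.

```python
import re

# CONNECT layout as described above:
#   --CONNECT-<connection ID>-<byte offset>-<user>-<date and time>
CONNECT_RE = re.compile(
    r"^--CONNECT-(\d+)-(\d+)-(.+)-(\d{4}/[a-z]{3}/\d{2} \d{2}:\d{2})$")
# ASSUMPTION: other records look like --<KIND>-<connection ID>-<offset>[-detail].
# The page only states that they carry the connection ID and byte offset.
OTHER_RE = re.compile(r"^--([A-Z][A-Z ]*)-(\d+)-(\d+)(?:-.*)?$")

def attribute(lines):
    """Return (sessions, orphans). A session holds the CONNECT fields plus
    every record seen on that connection ID until the ID is reused."""
    current = {}               # connection ID -> session currently using it
    sessions, orphans = [], []
    for line in lines:
        line = line.strip()
        m = CONNECT_RE.match(line)
        if m:
            conn, offset, user, when = m.groups()
            # Disconnects are not logged: a new CONNECT on the same ID means
            # the earlier user is gone, so start an unrelated session.
            s = {"conn": int(conn), "offset": int(offset), "user": user,
                 "connected": when, "records": []}
            current[s["conn"]] = s
            sessions.append(s)
            continue
        m = OTHER_RE.match(line)
        if m:
            kind, conn, offset = m.group(1), int(m.group(2)), int(m.group(3))
            if conn in current:
                current[conn]["records"].append((kind, offset))
            else:
                # The CONNECT for this ID is not in this log: user unknown.
                orphans.append((kind, conn, offset))
    return sessions, orphans

# Constructed sample; only the first line is taken from the page.
SAMPLE = """\
--CONNECT-1001-0000198970-dba-1998/dec/03 14:54
--INSERT-1001-0000199012
--CONNECT-1002-0000199100-auditor-1998/dec/03 14:58
--DELETE-1001-0000199250
--CONNECT-1001-0000201400-clerk-1998/dec/03 16:10
--UPDATE-1001-0000201466
--COMMIT-1003-0000201500
""".splitlines()
```

Records returned as orphans belong to a connection whose CONNECT record is not in the log being read, so they cannot be tied to a user name from this file alone.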