Reading from sysaudits table - Sybase ASE 15.7

I am currently trying to collect audit logs from the Sybase ASE 15.7 sysaudits table. The SIEM will use a query to read the audit logs. Since the sysaudits table can be read by users with the SSO role, we had to find an alternative, as we cannot grant the SIEM that privilege. Our DBA tried to create a view for this purpose, but since the account used by the SIEM does not have the SSO role, it failed. Therefore the DBA suggested creating another table with the same structure (event, eventmod, spid, eventtime, sequence, suid, dbid, objid, xactid, loginname, dbname, objname, objowner, extrainfo, nodeid), and he will write a script that reads from the sysaudits table and writes to this new table every 5 minutes. So we went ahead with this solution; however, I ran into a problem, so I need help.

The SIEM solution will read using a query provided by the DBA; however, the SIEM solution requires a unique column to track the last record. I noticed that there is no such unique column in sysaudits. Moreover, I noticed that some commands are split into multiple entries and use a sequence ID to track them.

  • I was wondering if I should add one more auto-increment ID column. This will help keep track of audit logs.
  • For the sequence ID and commands split across multiple records, I was thinking of maybe using a script that reads from sysaudits and, when it encounters a command split across multiple records, concatenates it into one record and writes that to our table, rather than the original several records with serial numbers.

How do I ask for this? Or is there a better way to get around this?

Also, I noticed that we only get 92 in the event column. Although Sybase is specified, we can get different values for the event field. Should I get other values as well?

Thank you in advance

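The two ideas in the question (an added identity column as the SIEM's high-water mark, and merging records that share one audit event but differ only in `sequence`) can be modelled end to end. The following is an added example, not code from the original post and not Sybase's own code: it simulates the DBA's copy script and the SIEM's poll in plain Python over constructed sample rows. It assumes that the records of one split audit event share `event`, `eventmod`, `spid`, `eventtime` and `xactid` and are numbered `sequence` 1, 2, 3, ...; the staging column name `audit_id` and the ASE DDL hint in the comment are assumptions as well. The event numbers other than 92 in the sample are placeholders.

```python
"""Staging sysaudits rows for a SIEM: merge split records, track a watermark.

Added example (not the original post's or Sybase's code). Assumptions:
rows of one audit event share event, eventmod, spid, eventtime, xactid and
differ only in `sequence` (1..n); the staging table gets an extra identity
column `audit_id` (in ASE DDL roughly `audit_id numeric(18,0) identity`).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Column list as given in the question (audit_id is added on top of these).
SYSAUDITS_COLUMNS = ("event", "eventmod", "spid", "eventtime", "sequence", "suid",
                     "dbid", "objid", "xactid", "loginname", "dbname", "objname",
                     "objowner", "extrainfo", "nodeid")


@dataclass(frozen=True)
class AuditRow:
    event: int
    eventmod: int
    spid: int
    eventtime: str
    sequence: int
    suid: int
    dbid: int
    objid: int
    xactid: str
    loginname: str
    dbname: str
    objname: str
    objowner: str
    extrainfo: str
    nodeid: int


# Constructed sample: one event 92 split into three records (sequence 1..3)
# plus two single-record events, deliberately out of order as a SELECT
# without ORDER BY might return them. Event 77 is a placeholder number.
SAMPLE_ROWS = [
    AuditRow(92, 1, 42, "2024-01-01 10:00:00.000", 2, 7, 4, 0, "0x01", "app_user", "sales", "", "", "WHERE region = 'EU'", 0),
    AuditRow(92, 1, 42, "2024-01-01 10:00:00.000", 1, 7, 4, 0, "0x01", "app_user", "sales", "", "", "select * from customers ", 0),
    AuditRow(77, 1, 43, "2024-01-01 10:00:01.000", 1, 9, 4, 0, "0x02", "ops_user", "master", "", "", "login", 0),
    AuditRow(92, 1, 42, "2024-01-01 10:00:00.000", 3, 7, 4, 0, "0x01", "app_user", "sales", "", "", " ORDER BY id", 0),
    AuditRow(92, 1, 50, "2024-01-01 10:00:02.000", 1, 11, 4, 0, "0x03", "other", "sales", "", "", "select 1", 0),
]

EventKey = Tuple[int, int, int, str, str]


def event_key(row: AuditRow) -> EventKey:
    """Fields assumed to identify one audit event across its split records."""
    return (row.event, row.eventmod, row.spid, row.eventtime, row.xactid)


def merge_split_records(rows: List[AuditRow]) -> List[Dict]:
    """Collapse multi-record events into one record, extrainfo joined in sequence order.

    A gap in the sequence numbers (e.g. 1, 3) means part of the statement is not
    visible yet; such events are marked complete=False instead of being merged blindly.
    """
    groups: Dict[EventKey, List[AuditRow]] = {}
    for row in rows:
        groups.setdefault(event_key(row), []).append(row)
    merged = []
    for parts in groups.values():
        parts.sort(key=lambda r: r.sequence)
        complete = [p.sequence for p in parts] == list(range(1, len(parts) + 1))
        rec = {c: getattr(parts[0], c) for c in SYSAUDITS_COLUMNS}
        rec["extrainfo"] = "".join(p.extrainfo for p in parts)
        rec["sequence"] = len(parts)  # how many original records were merged
        rec["complete"] = complete
        merged.append(rec)
    merged.sort(key=lambda r: (r["eventtime"], r["spid"]))  # deterministic insert order
    return merged


class StagingTable:
    """The DBA's copy target with the added identity column audit_id."""

    def __init__(self) -> None:
        self.rows: List[Dict] = []
        self._next_id = 1

    def load(self, source_rows: List[AuditRow]) -> int:
        """One run of the 5-minute copy script; returns the number of rows inserted."""
        inserted = 0
        for rec in merge_split_records(source_rows):
            if not rec["complete"]:
                continue  # incomplete event: pick it up on a later run
            rec["audit_id"] = self._next_id
            self._next_id += 1
            self.rows.append(rec)
            inserted += 1
        return inserted

    def read_since(self, last_audit_id: int, batch: int = 1000) -> List[Dict]:
        """SIEM poll: WHERE audit_id > last_audit_id ORDER BY audit_id, one batch at a time."""
        return [r for r in self.rows if r["audit_id"] > last_audit_id][:batch]


def distinct_events(rows: List[AuditRow]) -> List[int]:
    """Event numbers actually present, to check whether only 92 is being audited."""
    return sorted({r.event for r in rows})
```

The SIEM keeps only the highest `audit_id` it has seen and passes it back on the next poll, which is exactly the unique tracking column the question asks for; the copy script, not the SIEM, is where the `sequence` merge happens, so the SIEM sees one record per statement.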