Hey people I am planning to add DB support in audit functionality in linux. I have some queries so if u ppl could reply to this then it will help me a lot.

1) Should each name/value pair be turned into fields with a record?
2) Should each record be a table?
3) Should each event be a table?
4) Should event and its subrecords be reworked into one record that pulls out only the important data?
5) what kind of reports will be useful to run from the database. ?

6) what kind of reporting user will find useful. ?
7) What are the main reports and what information should they contain?