I'm wondering if anyone has tried to set up auditing on databases that are particularly active, and generate a lot of extraneous information in the normal operation of the application. For example, the 'sa' account may be used by the application to create and drop tables, move data around, generating tens of thousands of records in the process. It may also act on behalf of the user, effectively masking who was doing what.
I'm curious what products may have been used, and what kind of filtering you apply. I'm even curious who may have segregated duties to lessen the requirement for monitoring.