
No "type=APPARMOR_ALLOWED/DENIED" logs



Hi,

I'm under Debian 10 (kernel 5.4.8-1~bpo10+1) and I installed auditd some weeks ago.
Issue: I don't get any AppArmor logs like ALLOWED or DENIED in my /var/log/audit/audit.log while I'm sure I should have some (for example, aa-genprof seems unable to scan my logs and help me to generate an appropriate profile).

I thought AppArmor writes its logs directly in /var/log/audit/audit.log if auditd is already installed, otherwise they go to /var/log/syslog, /var/log/messages or /var/log/kern.log. I have nothing there either...
Did I miss something, please?

NB:
* the only AppArmor-related logs I have are some apparmor="STATUS" regarding operation="profile_load" for the most part...
* apparmor.service is running and everything is OK with aa-status

Thanks in advance :)
Best regards,
l0f4r0
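
Added example, not part of the original post: a small Python tally of AppArmor records by `apparmor="..."` kind and operation, which shows at a glance whether a log holds only STATUS records, as described above, or also ALLOWED/DENIED events. The sample lines are constructed and their field layout is an assumption. The function names are hypothetical, and matching is done on the `apparmor=` field only, not on `type=`.

```python
import re
import sys
from collections import Counter

# Constructed sample records (not from the post); the field layout is an assumption.
SAMPLE_LOG = '''\
type=AVC msg=audit(1579000000.101:210): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/example" pid=811 comm="apparmor_parser"
type=AVC msg=audit(1579000050.412:233): apparmor="ALLOWED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=1502 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1579000051.007:234): apparmor="DENIED" operation="mknod" profile="/usr/bin/example" name="/var/tmp/x" pid=1502 comm="example" requested_mask="c" denied_mask="c" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1579000051.007:234): arch=c000003e syscall=257 success=no exit=-13 comm="example"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Return the record's fields as a dict, or None if it has no apparmor= field."""
    fields = {}
    for match in FIELD.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields if "apparmor" in fields else None


def summarize(text):
    """Count AppArmor records per (kind, operation), e.g. ('DENIED', 'open')."""
    counts = Counter()
    for line in text.splitlines():
        record = parse_record(line)
        if record is not None:
            counts[(record["apparmor"], record.get("operation", "?"))] += 1
    return counts


def has_policy_events(counts):
    """True if any ALLOWED or DENIED record was seen (the kind the post is missing)."""
    return any(kind in ("ALLOWED", "DENIED") for kind, _ in counts)


if __name__ == "__main__":
    # With a path argument, read that log file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE_LOG
    result = summarize(text)
    for (kind, operation), count in sorted(result.items()):
        print(f"{kind:8} {operation:16} {count}")
    print("ALLOWED/DENIED present:", has_policy_events(result))
```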

