No "type=APPARMOR_ALLOWED/DENIED" logs
Hi,
I'm under Debian 10 (kernel 5.4.8-1~bpo10+1) and I installed auditd some weeks ago.
Issue: I don't get any AppArmor logs like ALLOWED or DENIED in my /var/log/audit/audit.log while I'm sure I should have some (for example, aa-genprof seems unable to scan my logs and help me to generate an appropriate profile).
I thought AppArmor writes its logs directly in /var/log/audit/audit.log if auditd is already installed, otherwise they go to /var/log/syslog, /var/log/messages or /var/log/kern.log. I have nothing there neither...
Did I miss something please?
NB:
* the only AppArmor related logs I have are some apparmor="STATUS" regarding operation="profile_load" for the most part...
* apparmor.service is running and everything is OK with aa-status
Thanks in advance :)
Best regards,
l0f4r0
Reply to: