Comment 3 for bug 1358705

Actually AUDIT events need to be skipped by aa-logprof - they are already known to the profile, so there's no reason to ask about them.

Thanks for the log lines - I'm able to reproduce the problem with them.

The real problem was a typo - the code uses "AUDIT" everywhere, except at one place that accidently contained "AUDITING".

The following patch fixes it:

=== modified file 'utils/apparmor/logparser.py'
--- utils/apparmor/logparser.py 2014-08-18 19:01:38 +0000
+++ utils/apparmor/logparser.py 2014-08-20 11:26:09 +0000
@@ -151,7 +151,7 @@
             # Convert aamode values to their counter-parts
             mode_convertor = {0: 'UNKNOWN',
                               1: 'ERROR',
- 2: 'AUDITING',
+ 2: 'AUDIT',
                               3: 'PERMITTING',
                               4: 'REJECTING',
                               5: 'HINT',