aa-logprof does not see all denied entries. For example if I switch apache to enforce mode it cant connect to MySQL.
audit: type=1400 audit(1436258489.774:2313141): apparmor="DENIED" operation="connect" profile="/usr/sbin/apache2" name="/run/mysqld/mysqld.sock" pid=24866 comm="apache2" requested_mask="wr" denied_mask="wr" fsuid=33 ouid=105
aa-logprof ignore that syslog entry.
aa-logprof does not see all denied entries. For example if I switch apache to enforce mode it cant connect to MySQL.
audit: type=1400 audit(143625848 9.774:2313141) : apparmor="DENIED" operation="connect" profile= "/usr/sbin/ apache2" name="/ run/mysqld/ mysqld. sock" pid=24866 comm="apache2" requested_mask="wr" denied_mask="wr" fsuid=33 ouid=105
aa-logprof ignore that syslog entry.