If I re-run genprof, it calls logprof and I get (almost) nothing: ranok@nebula:~$ sudo genprof /usr/bin/pidgin Please start the application to be profiled in another window and exercise its functionality now. Once completed, select the "Scan" button below in order to scan the system logs for AppArmor events. For each AppArmor event, you will be given the opportunity to choose whether the access should be allowed or denied. Profiling: /usr/bin/pidgin [(S)can system log for SubDomain events] / (F)inish Reading log entries from /var/log/messages. Updating AppArmor profiles in /etc/apparmor.d. Profiling: /usr/bin/pidgin [(S)can system log for SubDomain events] / (F)inish FINISHING Looking at my syslog.conf, it might be that Bastille is messing something up, I'll try removing it and seeing if that fixes it. tail /var/log/messages Nov 1 13:50:22 localhost -- MARK -- Nov 1 14:10:22 localhost -- MARK -- Nov 1 14:10:47 localhost exiting on signal 15 Nov 1 15:07:58 localhost syslogd 1.4.1#21ubuntu3: restart. Nov 1 15:08:21 localhost dhcdbd: Started up. Nov 1 15:08:53 localhost gnome-power-manager: (ranok) Power Manager is already running in this session. Nov 1 15:13:29 localhost ranok: GenProf: 8d1fb148ac334a2ab38d647baa11795e Nov 1 15:13:57 localhost ranok: GenProf: 811c44ade7f677853a091a006c24bf0a Nov 1 15:15:35 localhost ranok: GenProf: 143964d75508277b830af8fae870e3dc Nov 1 15:15:36 localhost ranok: GenProf: c2ab2a0e1b3022049b70c301f1df05af If I don't run genprof, I normally see just the -- MARK -- and the stuff from other daemons JT # /etc/syslog.conf Configuration file for syslogd. # # For more information see syslog.conf(5) # manpage. # # First some standard logfiles. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # Logging for INN news system # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # # Some `catch-all' logfiles. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg * # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole ############ BASTILLE ADDITIONS BELOW : ################# # Log all kernel messages to the new file /var/log/kernel kern.* /var/log/kernel # Log all logins to /var/log/loginlog auth.*;user.*;daemon.none /var/log/loginlog # Log additional data to the Alt-F7 and Alt-F8 screens (Pseudo TTY 7 and 8) *.info;mail.none;authpriv.none /dev/tty7 authpriv.* /dev/tty7 *.warn;*.err /dev/tty7 kern.* /dev/tty7 mail.* /dev/tty8 *.* /dev/tty12 ########## BASTILLE ADDITIONS CONCLUDED : ###############