#866340 aa-genprof: ERROR: Can't find system log "/var/log/syslog" (journald-only setup)

Package:
apparmor-utils
Source:
apparmor
Submitter:
Julian Andres Klode
Date:
2026-03-16 17:31:02 UTC
Severity:
normal
Tags:
#866340#5
Date:
2017-06-28 23:00:16 UTC
From:
To:
aa-genprof fails if syslog does not exist, which is the
case on a journald-only machine.
#866340#10
Date:
2017-06-29 05:44:26 UTC
From:
To:
Hi,

Julian Andres Klode:

Yeah, sorry about that. I've just generalized an existing upstream bug
report to include this use case.

Cheers,
#866340#19
Date:
2020-04-20 15:55:18 UTC
From:
To:
Hi,
Still not working with systemd 245 and apparmor-utils 2.13.4-1+b1

It will be great to redirect like this:

         aa-genprof -f <(journalctl -b)

Is there any chance to work with journald ?

----
Regards,
Edi D
#866340#26
Date:
2024-02-22 18:16:53 UTC
From:
To:
This bug is now 7 years old and has not been fixed yet? Jesus!
#866340#31
Date:
2025-02-06 06:25:41 UTC
From:
To:
Just discovered this on Debian 12 bookworm which doesn't even have a
syslog daemon by default anymore. How did this get even out of testing?

Cheers.
#866340#36
Date:
2026-03-16 17:12:51 UTC
From:
To:
Stumbled upon this problem, tried something along these lines:

 -  At one console:

    # journalctl -b -k -e -f > /var/tmp/aa-whatever.log

 - At another:

    # aa-genprof -f /var/tmp/aa-whatever.log /usr/bin/whatever

 - At yet another - actually run the app and exercise it.

In the result, the file is full of audit messages regarding the app, but it
appears that aa-genprof expects them to be in some syslog-specific format, so
pressing 'S' in it yields no events, and when one presses 'F' to exit, the app
being profiled is left in a malfunctioning state as apparently everything is
now denied for it.

Removing the generated profile and restarting apparmor does not fix the
problem; in my case only rebooting helps.