From 1eaf24c9653fe01420f1828adddcc91cd194ffe3 Mon Sep 17 00:00:00 2001 From: Stoppedpuma <58333920+Stoppedpuma@users.noreply.github.com> Date: Fri, 7 Jun 2024 21:31:17 +0200 Subject: [PATCH] report - Add Auditd information --- docs/report.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/report.md b/docs/report.md index 2292d1bd..e13ac9e9 100644 --- a/docs/report.md +++ b/docs/report.md @@ -16,6 +16,16 @@ If this command produce nothing, try: aa-log -s -R ``` +If the log file is empty, check that Auditd is running: +```sh +sudo systemctl status auditd.service +``` + +If Auditd is disabled aa-log will not have new results, you can enable Auditd by doing the following command: +```sh +sudo systemctl enable auditd.service --now +``` + You can get more logs with: 1. `aa-log -R -s` that will provide all apparmor logs since boot time (if journalctl collect them)
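Review bot: The second added paragraph ("If Auditd is disabled aa-log will not have new results, you can enable Auditd by doing the following command:") does not line up with the first one, which asks the reader to check that Auditd is running. The command shown, `sudo systemctl enable auditd.service --now`, both enables the unit and starts it, so the text should cover the "not running" case as well as the "disabled" one. Suggested wording: "If Auditd is not running, aa-log will not show new results. Enable and start it with:", which also removes the comma splice and the awkward "by doing the following command". In the first added sentence, "If the log file is empty" refers to a log file that the surrounding context never names (the preceding line talks about a command producing nothing); either name the file or reuse the existing phrasing so the two troubleshooting steps read as one sequence.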