diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y
index 69625356f..5322aae01 100644
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -184,6 +184,8 @@ syslog_type:
 { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
 | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
 { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
+ | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
 ;
 /* when audit dispatches a message it doesn't prepend the audit type string */
diff --git a/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.err b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
new file mode 100644
index 000000000..26abf7e87
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.in
@@ -0,0 +1 @@
+Dec 7 13:18:59 rosa kernel: audit: type=1400 audit(1417954745.397:82): apparmor="ALLOWED" operation="open" profile="/home/simi/bin/aa-test" name="/usr/bin/" pid=3231 comm="ls" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
new file mode 100644
index 000000000..a5492b66e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/syslog_audit_02.out
@@ -0,0 +1,15 @@
+START
+File: test_multi/syslog_audit_02.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1417954745.397:82
+Operation: open
+Mask: r
+Denied Mask: r
+fsuid: 1000
+ouid: 0
+Profile: /home/simi/bin/aa-test
+Name: /usr/bin/
+Command: ls
+PID: 3231
+Epoch: 1417954745
+Audit subid: 82
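Review bot: The new alternative at the end of `syslog_type` in grammar.y has no comment saying which log shape it matches or why its action frees only `$2`, while the two alternatives above it free both `$2` and `$4`. Going by those neighbours, `$4` there is the TOK_DMESG_STAMP value and here it is TOK_AUDIT, so dropping `free($4)` looks right, but positional frees copied between alternatives are an easy source of leaks or invalid frees in a parser that reads log text. I would add above the alternative `/* syslog line with no dmesg timestamp ("kernel: audit: type=..."); only TOK_ID ($2) carries an allocated string */`. The rule starts above the hunk and the token value types are not visible here, so the ownership statement should be confirmed against the lexer before it is committed.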