The following fields are provided in an application audit report:
Host
The machine protected by AppArmor for which the security events are reported.
Date
The date during which security events occurred.
Program
The name and path of the executing process.
Profile
The absolute name of the security profile that is applied to the process.
PID
A number that uniquely identifies one specific process or running program (this
number is valid only during the lifetime of that process).
State
This field reveals whether the program listed in the program field is confined. If it
is not confined, you might consider creating a profile for it.
300
Security Guide