diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index b0223d755..37bb27113 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -111,6 +111,7 @@ class ReadLog:
         ev['pid'] = event.pid
         ev['task'] = event.task
         ev['info'] = event.info
+        ev['error_code'] = event.error_code
         dmask = event.denied_mask
         rmask = event.requested_mask
         ev['magic_token'] = event.magic_token
@@ -162,6 +163,11 @@ class ReadLog:
             except KeyError:
                 ev['aamode'] = None
 
+        # "translate" disconnected paths to errors, which means the event will be ignored.
+        # XXX Ideally we should propose to add the attach_disconnected flag to the profile
+        if ev['error_code'] == 13 and ev['info'] == 'Failed name lookup - disconnected path':
+            ev['aamode'] = 'ERROR'
+
         if ev['aamode']:
             #debug_logger.debug(ev)
             return ev
diff --git a/utils/test/test-capability.py b/utils/test/test-capability.py
index e99f6343d..701e3c3dc 100644
--- a/utils/test/test-capability.py
+++ b/utils/test/test-capability.py
@@ -104,6 +104,7 @@ class CapabilityTest(unittest.TestCase):
         self.assertEqual(parsed_event, {
             'request_mask': set(),
             'denied_mask': set(),
+            'error_code': 0,
             'magic_token': 0,
             'parent': 0,
             'profile': '/bin/ping',