diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.in
new file mode 100644
index 000000000..a84b4d72c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1449442292.901:961): apparmor="ALLOWED" operation="change_hat" profile="/usr/sbin/httpd{,2}-prefork" pid=8527 comm="httpd-prefork" target="/usr/sbin/httpd{,2}-prefork//HANDLING_UNTRUSTED_INPUT"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.out
new file mode 100644
index 000000000..2f34f4b67
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_changehat_01.out
@@ -0,0 +1,11 @@
+START
+File: testcase_changehat_01.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1449442292.901:961
+Operation: change_hat
+Profile: /usr/sbin/httpd{,2}-prefork
+Command: httpd-prefork
+Name2: /usr/sbin/httpd{,2}-prefork//HANDLING_UNTRUSTED_INPUT
+PID: 8527
+Epoch: 1449442292
+Audit subid: 961
diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index 547a3c9ba..fbf01b275 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -254,10 +254,10 @@ class ReadLog:
 if e['operation'] == 'change_hat':
 if aamode != 'HINT' and aamode != 'PERMITTING':
 return None
- profile = e['name']
+ profile = e['name2']
 #hat = None
- if '//' in e['name']:
- profile, hat = e['name'].split('//')[:2]
+ if '//' in e['name2']:
+ profile, hat = e['name2'].split('//')[:2]
 if not hat:
 hat = profile
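Review bot: `e['name2']` is read unguarded in the change_hat branch of utils/apparmor/logparser.py, so a change_hat record that carries no `target=` field would presumably leave it as None and make `'//' in e['name2']` raise TypeError instead of skipping the event; the fixture added here only covers a record that has a target. A guard ahead of the assignment, `if not e['name2']: return None`, in line with the existing `return None` for other modes, would keep one malformed or truncated audit line from aborting the whole log parse. Separately, `hat` is bound only inside the `'//'` branch while `#hat = None` stays commented out, so `if not hat:` relies on an assignment that is not visible in this hunk; restoring `hat = None` would make that explicit. The enclosing method starts and continues outside the hunk, so both points should be checked against the full body.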