diff --git a/changehat/libapparmor/src/aalogparse.h b/changehat/libapparmor/src/aalogparse.h
index ef725d3e8..d5ea01ab0 100644
--- a/changehat/libapparmor/src/aalogparse.h
+++ b/changehat/libapparmor/src/aalogparse.h
@@ -118,9 +118,11 @@ typedef struct
 long pid; /* PID of the program logging the message */
 long task;
 long magic_token;
+ long epoch; /* example: 12345679 */
+ unsigned int audit_sub_id; /* example: 12 */
 int bitmask; /* Bitmask containing "r" "w" "x" etc */
- char *audit_id;
+ char *audit_id; /* example: 12345679.1234:12 */
 char *operation; /* "Exec" "Ptrace", etc. */
 char *denied_mask; /* "r", "w", etc. */
 char *requested_mask;
diff --git a/changehat/libapparmor/src/grammar.y b/changehat/libapparmor/src/grammar.y
index 3d52e0a67..a3dfc0a87 100644
--- a/changehat/libapparmor/src/grammar.y
+++ b/changehat/libapparmor/src/grammar.y
@@ -311,6 +311,8 @@ old_profile:
 audit_msg: TOK_KEY_MSG TOK_EQUALS TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
 {
 asprintf(&ret_record->audit_id, "%s.%s:%s", $5, $7, $9);
+ ret_record->epoch = atol($5);
+ ret_record->audit_sub_id = atoi($9);
 free($5);
 free($7);
 free($9);
diff --git a/changehat/libapparmor/src/libaalogparse.c b/changehat/libapparmor/src/libaalogparse.c
index 913ea6798..28c856737 100644
--- a/changehat/libapparmor/src/libaalogparse.c
+++ b/changehat/libapparmor/src/libaalogparse.c
@@ -94,6 +94,8 @@ _init_log_record(aa_log_record *record)
 record->bitmask = 0;
 record->task = 0;
 record->magic_token = 0;
+ record->epoch = 0;
+ record->audit_sub_id = 0;
 record->audit_id = NULL;
 record->operation = NULL;
diff --git a/changehat/libapparmor/testsuite/test_multi.c b/changehat/libapparmor/testsuite/test_multi.c
index 4a30ef006..86cbeb3d7 100644
--- a/changehat/libapparmor/testsuite/test_multi.c
+++ b/changehat/libapparmor/testsuite/test_multi.c
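Review bot: Inserting `epoch` and `audit_sub_id` between `magic_token` and `bitmask` shifts the offsets of every later member of `aa_log_record` (`bitmask`, `audit_id`, `operation`, ...), so if this header is the library's installed API, consumers built against the old layout will read the wrong fields until the library's ABI version is bumped; appending the two members at the end of the struct would avoid the break. The "example:" comments also leave the meaning to the reader: per the grammar.y hunk `epoch` is taken from the field before the `.` in `audit_id` and `audit_sub_id` from the field after the `:`, so `/* integer part of the audit(...) timestamp, audit_id before the '.' */` and `/* audit record serial, audit_id after the ':' */` would document the contract. The typedef's opening and closing lines lie outside the hunk.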
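Review bot: `atol($5)` and `atoi($9)` have undefined behaviour when the digit string does not fit the target type, and `atoi` returns an `int` that is then stored into the `unsigned int` `audit_sub_id`; since these tokens come from log text the library parses rather than from trusted code, an over-long run of digits (presumably all TOK_AUDIT_DIGITS guarantees) can leave `epoch` or `audit_sub_id` holding garbage with no error. `strtol`/`strtoul` with an `errno == ERANGE` check give a defined result and a way to fall back to 0, as sketched below; `<errno.h>` and `<limits.h>` are needed in the grammar prologue if not already included. The `asprintf` result on the context line above is likewise unchecked, which predates this change. The action block's closing brace lies outside the hunk.
```c
		asprintf(&ret_record->audit_id, "%s.%s:%s", $5, $7, $9);
		/* atol()/atoi() are undefined on overflow; strtol()/strtoul()
		 * report ERANGE, so an oversized token yields 0 rather than garbage. */
		errno = 0;
		ret_record->epoch = strtol($5, NULL, 10);
		if (errno == ERANGE)
			ret_record->epoch = 0;
		errno = 0;
		unsigned long sub_id = strtoul($9, NULL, 10);
		if (errno == ERANGE || sub_id > UINT_MAX)
			sub_id = 0;
		ret_record->audit_sub_id = (unsigned int)sub_id;
		/* … unchanged: free($5); free($7); free($9); … */
```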
@@ -165,5 +165,7 @@ int print_results(aa_log_record *record)
 {
 printf("Protocol: %s\n", record->net_protocol);
 }
+ printf("Epoch: %lu\n", record->epoch);
+ printf("Audit subid: %u\n", record->audit_sub_id);
 return(0);
 }
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase1.out b/changehat/libapparmor/testsuite/test_multi/testcase1.out
index 3054acfef..99f8f98b0 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase1.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase1.out
@@ -16,3 +16,5 @@ PID: 31938
 Network family: family
 Socket type: unknown(1234)
 Protocol: tcp
+Epoch: 1181057184
+Audit subid: 7
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase10.out b/changehat/libapparmor/testsuite/test_multi/testcase10.out
index 4299b50fe..cc766ca0f 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase10.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase10.out
@@ -7,3 +7,5 @@ Profile: /home/matt/projects/change_hat_test/test_hat
 Task: 38229
 PID: 27764
 Active hat: /home/matt/projects/change_hat_test/test_hat
+Epoch: 1168661976
+Audit subid: 55
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase11.out b/changehat/libapparmor/testsuite/test_multi/testcase11.out
index c01f33721..c7936a20e 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase11.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase11.out
@@ -5,3 +5,5 @@ Audit ID: 1168661976.062:55
 Operation: clone
 Task: 38229
 PID: 27764
+Epoch: 1168661976
+Audit subid: 55
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase2.out b/changehat/libapparmor/testsuite/test_multi/testcase2.out
index 792127d0c..f98ff6133 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase2.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase2.out
@@ -9,3 +9,5 @@ Name: /home/matt/projects/change_hat_test/test
 Info: test_hat
 PID: 27871
 Active hat: null-complain-profile
+Epoch: 1168662182
+Audit subid: 58
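Review bot: `printf("Epoch: %lu\n", record->epoch)` prints a `long` (declared so in the aalogparse.h hunk) with the unsigned-long conversion `%lu`, which is a format/argument mismatch the standard leaves undefined and that `-Wformat` reports; the expected-output files only carry positive timestamps, so the test passes today, but the line should read `printf("Epoch: %ld\n", record->epoch);`. The `%u` used for `audit_sub_id` does match its `unsigned int` type. The statement that owns the opening brace at the top of the hunk lies outside it.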
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase3.out b/changehat/libapparmor/testsuite/test_multi/testcase3.out
index a208b4a6d..86bd6318c 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase3.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase3.out
@@ -8,3 +8,5 @@ Name: TESTHAT
 Info: unknown_hat
 PID: 27764
 Active hat: /home/matt/projects/change_hat_test/test_hat
+Epoch: 1168661976
+Audit subid: 55
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase4.out b/changehat/libapparmor/testsuite/test_multi/testcase4.out
index e1a36ac7f..945199e4e 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase4.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase4.out
@@ -9,3 +9,5 @@ Name: /bin/freak-aa-out
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase5.out b/changehat/libapparmor/testsuite/test_multi/testcase5.out
index dfe5aedc2..92d41027a 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase5.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase5.out
@@ -8,3 +8,5 @@ Name: /path/to/something
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase6.out b/changehat/libapparmor/testsuite/test_multi/testcase6.out
index 0ae08021d..a1bc2d19e 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase6.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase6.out
@@ -8,3 +8,5 @@ Name: /path/to/something
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase7.out b/changehat/libapparmor/testsuite/test_multi/testcase7.out
index 9c57b64e8..c34d39856 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase7.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase7.out
@@ -9,3 +9,5 @@ Attribute: set
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase8.out b/changehat/libapparmor/testsuite/test_multi/testcase8.out
index 18e446369..44966208f 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase8.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase8.out
@@ -9,3 +9,5 @@ Attribute: something
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54
diff --git a/changehat/libapparmor/testsuite/test_multi/testcase9.out b/changehat/libapparmor/testsuite/test_multi/testcase9.out
index c17906dac..61c38abd9 100644
--- a/changehat/libapparmor/testsuite/test_multi/testcase9.out
+++ b/changehat/libapparmor/testsuite/test_multi/testcase9.out
@@ -8,3 +8,5 @@ Name: cap
 Info: bash
 PID: 23415
 Active hat: /bin/freak-aa-out
+Epoch: 1167188680
+Audit subid: 54