diff --git a/libraries/libapparmor/testsuite/test_multi/symlink.err b/libraries/libapparmor/testsuite/test_multi/symlink.err
new file mode 100644
index 000000000..e69de29bb
diff --git a/libraries/libapparmor/testsuite/test_multi/symlink.in b/libraries/libapparmor/testsuite/test_multi/symlink.in
new file mode 100644
index 000000000..b659ce765
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/symlink.in
@@ -0,0 +1 @@
+Aug  3 00:00:41 liuchao-virtual-machine kernel: [ 4362.615262] audit: type=1400 audit(1596384041.705:290): apparmor="DENIED" operation="symlink" profile="/home/test.sh" name="/home/b.c" pid=8016 comm="ln" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/symlink.out b/libraries/libapparmor/testsuite/test_multi/symlink.out
new file mode 100644
index 000000000..d25ae6ee3
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/symlink.out
@@ -0,0 +1,15 @@
+START
+File: symlink.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1596384041.705:290
+Operation: symlink
+Mask: c
+Denied Mask: c
+fsuid: 0
+ouid: 0
+Profile: /home/test.sh
+Name: /home/b.c
+Command: ln
+PID: 8016
+Epoch: 1596384041
+Audit subid: 290
diff --git a/libraries/libapparmor/testsuite/test_multi/symlink.profile b/libraries/libapparmor/testsuite/test_multi/symlink.profile
new file mode 100644
index 000000000..8689f3b35
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/symlink.profile
@@ -0,0 +1,4 @@
+/home/test.sh {
+  owner /home/b.c w,
+
+}
diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index a5a78ae2f..041dff4f7 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -319,6 +319,7 @@ class ReadLog:
        'rename_dest',
        'unlink',
        'rmdir',
+       'symlink',
        'symlink_create',
        'link',
        'sysctl',