All AppArmor events are logged using the system's audit interface (the auditd logging to /var/log/audit/audit.log). On top of this infrastructure, event notification can be configured. Configure this feature using YaST. It is based on severity levels according to /etc/apparmor/severity.db. Notification frequency and type of notification (such as e-mail) can be configured.
If auditd is not running, AppArmor logs to the system log located under /var/log/messages using the LOG_KERN facility.
Use YaST for generating reports in CSV or HTML format.