diff --git a/run-aa-test b/run-aa-test
index ffaba73a8480b143d0a6378003f4b62f7866f81d..680c79d8632021a67b3a05e86ab90dbb5c825dab 100755
--- a/run-aa-test
+++ b/run-aa-test
@@ -66,10 +66,11 @@ if [ ! -r ${bash_history} ]; then
 fi
 fi
-# Catch any new lines added to audit.log
-AUDIT_FILE=$( mktemp )
-tail -n0 -f /var/log/audit/audit.log > ${AUDIT_FILE} &
-AUDIT_PID=$!
+# Create a temporary directory for files
+TMP_DIR=$(mktemp -d)
+
+# Log start time
+START_TIME=$(date +"%F %T")
 if [ "${LAUNCH_DBUS}" = "True" ]; then
 # Start a new D-Bus session for this test
@@ -122,11 +123,12 @@ else
 SOMETHING_FAILED="True"
 fi
-# Give auditd time to log the entries.
+# Give journal time to log the entries.
 sleep 3
-# Need to stop tailing audit
-kill ${AUDIT_PID}
+# Get audit information from journal
+AUDIT_FILE=${TMP_DIR}/AUDIT
+journalctl -S "${START_TIME}" -t audit -o cat > ${AUDIT_FILE}
 echo "#=== ${TEST_TITLE} ==="
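Review bot: The result of `mktemp -d` on the added `TMP_DIR=$(mktemp -d)` line is never checked, so if it fails `TMP_DIR` is empty and the later `${TMP_DIR}/AUDIT`, `${TMP_DIR}/REMAIN` and `${TMP_DIR}/PARSE` paths resolve to files directly under `/`, which matters if this runner executes with elevated privileges (not visible here). I would write `TMP_DIR=$(mktemp -d) || exit 1` (or route it through the script's own failure path) and quote the variable where it is used. No removal of the directory is visible in these hunks; if none exists elsewhere in the script, a `trap 'rm -rf -- "${TMP_DIR:?}"' EXIT` right after creation would keep captured audit records from accumulating on disk.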
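Review bot: `START_TIME=$(date +"%F %T")` has one-second resolution and `journalctl -S "${START_TIME}"` returns everything from the start of that second, so audit records left by a test that finished in the same second can end up in this test's `AUDIT` file and be compared against its expectations; a clock step during the run shifts the window as well. Recording a journal cursor before the test and reading with `journalctl --after-cursor=...` would bound the capture exactly. The `journalctl` exit status is also ignored, so a failed read leaves an empty `AUDIT_FILE` that is indistinguishable from "no denials were logged"; I would at least use `journalctl ... > "${AUDIT_FILE}" || SOMETHING_FAILED="True"`. Whether the caller can read the system journal and whether audit records carry the `audit` identifier depend on target configuration that is not visible in this diff, so a short comment stating those prerequisites next to the command would help.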
@@ -138,28 +140,26 @@ echo "#---8<--- expected output from aa_log_extract_tokens.pl"
 cat ${EXPECT_FILE} | sed 's/^/# /'
 echo "#--->8---"
-EXPECT_SPLIT_DIR=$(mktemp -d)
-
-cp ${EXPECT_FILE} ${EXPECT_SPLIT_DIR}/REMAIN
+cp ${EXPECT_FILE} ${TMP_DIR}/REMAIN
 EXPECT_COUNT=1
-SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${EXPECT_SPLIT_DIR}/REMAIN | cut -d: -f1 )
+SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${TMP_DIR}/REMAIN | cut -d: -f1 )
 while [ "${SEPARATOR}" != "" ]; do
 echo "SEPARATOR=\"${SEPARATOR}\""
 echo "REMAIN:"
- cat ${EXPECT_SPLIT_DIR}/REMAIN
- head -n $((${SEPARATOR}-1)) ${EXPECT_SPLIT_DIR}/REMAIN > ${EXPECT_SPLIT_DIR}/EXPECT${EXPECT_COUNT}
+ cat ${TMP_DIR}/REMAIN
+ head -n $((${SEPARATOR}-1)) ${TMP_DIR}/REMAIN > ${TMP_DIR}/EXPECT${EXPECT_COUNT}
 SEPARATOR=$((${SEPARATOR}+1))
- tail -n +${SEPARATOR} ${EXPECT_SPLIT_DIR}/REMAIN > ${EXPECT_SPLIT_DIR}/REMAIN.new
- mv ${EXPECT_SPLIT_DIR}/REMAIN.new ${EXPECT_SPLIT_DIR}/REMAIN
+ tail -n +${SEPARATOR} ${TMP_DIR}/REMAIN > ${TMP_DIR}/REMAIN.new
+ mv ${TMP_DIR}/REMAIN.new ${TMP_DIR}/REMAIN
 EXPECT_COUNT=$((${EXPECT_COUNT}+1))
- SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${EXPECT_SPLIT_DIR}/REMAIN | cut -d: -f1 )
+ SEPARATOR=$( grep -m1 -x -n "${ALTERNATIVE_SEPARATOR}" ${TMP_DIR}/REMAIN | cut -d: -f1 )
 done
-mv ${EXPECT_SPLIT_DIR}/REMAIN ${EXPECT_SPLIT_DIR}/EXPECT${EXPECT_COUNT}
+mv ${TMP_DIR}/REMAIN ${TMP_DIR}/EXPECT${EXPECT_COUNT}
-PARSE_FILE="${EXPECT_SPLIT_DIR}/PARSE"
+PARSE_FILE="${TMP_DIR}/PARSE"
 RET=$( cat ${AUDIT_FILE} | common/aa_log_extract_tokens.pl REJECTING > ${PARSE_FILE} )
@@ -169,18 +169,18 @@ if [ "${RET}" != "0" ]; then
 LINES=$(wc -l ${AUDIT_FILE} | cut -d ' ' -f1 )
 cat ${AUDIT_FILE} | while read LINE; do
- echo ${LINE} | common/aa_log_extract_tokens.pl REJECTING 2>${EXPECT_SPLIT_DIR}/STDERR > ${EXPECT_SPLIT_DIR}/STDOUT
+ echo ${LINE} | common/aa_log_extract_tokens.pl REJECTING 2>${TMP_DIR}/STDERR > ${TMP_DIR}/STDOUT
 RET=$?
- cat ${EXPECT_SPLIT_DIR}/STDOUT >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+ cat ${TMP_DIR}/STDOUT >> ${TMP_DIR}/ERRPARSE
- cat ${EXPECT_SPLIT_DIR}/STDERR | sed 's/^/E: /' >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+ cat ${TMP_DIR}/STDERR | sed 's/^/E: /' >> ${TMP_DIR}/ERRPARSE
 if [ "$RET" != "0" ]; then
- echo -n "^ original line: ${LINE}" >> ${EXPECT_SPLIT_DIR}/ERRPARSE
+ echo -n "^ original line: ${LINE}" >> ${TMP_DIR}/ERRPARSE
 fi
 done
- mv ${EXPECT_SPLIT_DIR}/ERRPARSE ${PARSE_FILE}
+ mv ${TMP_DIR}/ERRPARSE ${PARSE_FILE}
 fi
 echo "#---8<--- actual output from aa_log_extract_tokens.pl"
@@ -191,10 +191,10 @@ MATCH_EXPECTATION="False"
 # We might have alternative expectations, take that into consideration.
 OUTPUT_MD5=$( cat ${PARSE_FILE} | md5sum )
-COUNT=$( ls -1 ${EXPECT_SPLIT_DIR}/EXPECT* | wc -l )
+COUNT=$( ls -1 ${TMP_DIR}/EXPECT* | wc -l )
 NUM=1
 while [ $((${NUM} <= ${COUNT})) = 1 ]; do
- EXPECTED_MD5=$( cat ${EXPECT_SPLIT_DIR}/EXPECT${NUM} | md5sum )
+ EXPECTED_MD5=$( cat ${TMP_DIR}/EXPECT${NUM} | md5sum )
 if [ "${OUTPUT_MD5}" = "${EXPECTED_MD5}" ]; then
 echo "# audit log matches alternative expectation ${NUM}/${COUNT}"
 MATCH_EXPECTATION="True"
@@ -206,7 +206,7 @@ if [ "${MATCH_EXPECTATION}" = "True" ]; then
 echo "${TEST_TITLE}: pass"
 else
 echo "#---8<--- diff"
- diff -urN ${EXPECT_SPLIT_DIR}/EXPECT${NUM} ${PARSE_FILE}
+ diff -urN ${TMP_DIR}/EXPECT${NUM} ${PARSE_FILE}
 echo "#--->8---"
 echo "${TEST_TITLE}: fail"
 SOMETHING_FAILED="True"
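Review bot: In the `-169` hunk the per-line fallback still passes journal text through an unquoted `echo ${LINE}`, so any `*`, `?` or `[` in an audit record is glob-expanded against the current directory and runs of whitespace are collapsed before the parser sees the line; `read LINE` without `-r` also consumes backslashes. Audit records carry names and paths chosen by the process under test, so the text handed to `aa_log_extract_tokens.pl` can differ from what was actually logged. I would change the loop head to `while IFS= read -r LINE; do` and the pipe source to `printf '%s\n' "${LINE}" | common/aa_log_extract_tokens.pl REJECTING ...`. Existing expectation files may rely on the current whitespace collapsing, so they should be rechecked after the change; the enclosing `if` starts outside the hunk.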