diff --git a/test-cases/apparmor-session-lockdown-no-deny.yaml b/test-cases/apparmor-session-lockdown-no-deny.yaml
index 4fb73b02db0941de32b6c1f2508934fa54df54d9..a7aeac1a30ebe0db0ea4cf47fdd150f0cfd2d192 100644
--- a/test-cases/apparmor-session-lockdown-no-deny.yaml
+++ b/test-cases/apparmor-session-lockdown-no-deny.yaml
@@ -17,6 +17,7 @@ metadata:
 
   macro_install_packages_preconditions: apertis-tests-apparmor-report
                                         apparmor-utils
+                                        aa-status
 
   expected:
     - "aa-status should show at least the following processes in complain mode:"
@@ -32,18 +33,14 @@ metadata:
     - "Note that there may be processes in other modes, such as in enforce mode,
        uncontained, or complain mode. Also note that the confinement status of
        profiles is irrelevant."
-    - "The aa_log_extract_tokens.pl command above should have no output."
+    - "The aa_log_extract_tokens.sh command above should have no output."
 
 run:
   steps:
-    - "First of all clean the auditd logs to ensure only new messages are seen:"
-    - $ echo -n | sudo tee /var/log/audit/audit.log
-    - "Then reboot the image."
-    - $ sudo reboot
     - "Ensure pulseaudio is running:"
     - $ pactl stat
     - "No need to check the output of the command."
     - "Now ensure AppArmor is enabled and working, by running aa-status:"
     - $ sudo aa-status
     - "Then ensure the audit log file has no AppArmor complaints:"
-    - $ sudo cat /var/log/audit/audit.log | sudo aa_log_extract_tokens.pl REJECTING
+    - $ sudo journalctl -b -t audit -o cat | ./aa_log_extract_tokens.sh DENIED