diff --git a/src/parser.rs b/src/parser.rs
index 47870bb..b5261e0 100644
--- a/src/parser.rs
+++ b/src/parser.rs
@@ -370,7 +370,7 @@ fn parse_unspec_value<'a>(
 ) -> IResult<&'a [u8], PValue<'a>> {
 // work around apparent AppArmor breakage
 match (ty, name) {
- (msg_type::SYSCALL, b"subj") | (msg_type::USER_AUTH, b"subj") => {
+ (_, b"subj") => {
 if let Ok((input, s)) = recognize(tuple((
 opt(tag("=")),
 parse_str_unq,
@@ -869,6 +869,7 @@ mod test {
 do_parse(include_bytes!("testdata/line-daemon-end.txt")).unwrap();
 do_parse(include_bytes!("testdata/line-netfilter.txt")).unwrap();
 do_parse(include_bytes!("testdata/line-anom-abend.txt")).unwrap();
+ do_parse(include_bytes!("testdata/line-anom-abend-2.txt")).unwrap();
 do_parse(include_bytes!("testdata/line-user-auth.txt")).unwrap();
 do_parse(include_bytes!("testdata/line-sockaddr-unix.txt")).unwrap();
 do_parse(include_bytes!("testdata/line-user-auth-2.txt")).unwrap();
diff --git a/src/testdata/line-anom-abend-2.txt b/src/testdata/line-anom-abend-2.txt
new file mode 100644
index 0000000..502921b
--- /dev/null
+++ b/src/testdata/line-anom-abend-2.txt
@@ -0,0 +1 @@
+type=ANOM_ABEND msg=audit(1703677054.334:4223663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==/usr/bin/man//&man_groff (enforce) pid=109919 comm="preconv" exe="/usr/bin/preconv" sig=31 res=1AUID="unset" UID="root" GID="root"
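Review bot: In the `parse_unspec_value` hunk of src/parser.rs, the comment `// work around apparent AppArmor breakage` says too little now that the arm is `(_, b"subj")` and the lenient path is tried for every record type that carries `subj`. I would state the accepted shape and why, e.g. `// AppArmor writes subj as "=<profile> (<mode>)": unquoted, with a leading '=' and an embedded space; seen on SYSCALL, USER_AUTH and ANOM_ABEND`. If no other arm of this match inspects `ty` (the match continues outside the hunk), matching on `name` alone would read more directly than a wildcard in a tuple. Because detections downstream usually key on `subj`, it is worth confirming that subjects in other formats on the newly covered record types still come out of this path unchanged.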
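Review bot: The added `do_parse(include_bytes!("testdata/line-anom-abend-2.txt")).unwrap();` in `mod test` only shows that the line parses without error; it would still pass if the value were cut at the space and ` (enforce)` were dropped or attached to the wrong field. Since the fix is about how this one value is delimited, the test should also assert on the parsed record: that the whole label from the sample, including ` (enforce)`, ends up under `subj`, and that `pid` follows as its own field. The test function starts and ends outside the hunk, so an equivalent check may already exist there.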