diff --git a/src/Makefile.am b/src/Makefile.am
index f4cc0e65..12ef6308 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -113,7 +113,7 @@ pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
 su_SOURCES     = \
 	su.c \
 	suauth.c
-su_LDADD       = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+su_LDADD       = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
 sulogin_LDADD  = $(LDADD) $(LIBCRYPT)
 useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
 userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
diff --git a/src/su.c b/src/su.c
index d605af8e..f20d230a 100644
--- a/src/su.c
+++ b/src/su.c
@@ -219,6 +219,22 @@ static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
 	}
 	closelog ();
 #endif
+
+#ifdef WITH_AUDIT
+	audit_fd = audit_open ();
+	audit_log_acct_message (audit_fd,
+				AUDIT_USER_ROLE_CHANGE,
+				NULL,    /* Prog. name */
+				"su",
+				('\0' != caller_name[0]) ? caller_name : "???",
+				AUDIT_NO_ID,
+				"localhost",
+				NULL,    /* addr */
+				tty,
+				0);      /* result */
+	close (audit_fd);
+#endif				/* WITH_AUDIT */
+
 	exit (1);
 }
 
@@ -1076,6 +1092,21 @@ int main (int argc, char **argv)
 	}
 #endif				/* !USE_PAM */
 
+#ifdef WITH_AUDIT
+	audit_fd = audit_open ();
+	audit_log_acct_message (audit_fd,
+				AUDIT_USER_ROLE_CHANGE,
+				NULL,    /* Prog. name */
+				"su",
+				('\0' != caller_name[0]) ? caller_name : "???",
+				AUDIT_NO_ID,
+				"localhost",
+				NULL,    /* addr */
+				caller_tty,
+				1);      /* result */
+	close (audit_fd);
+#endif				/* WITH_AUDIT */
+
 	set_environment (pw);
 
 	if (!doshell) {