diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6491ff6..8cfff46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Added
 
+- Added better error messages for when `NewAuditClient` fails due to the
+  Linux kernel not supporting auditing (CONFIG_AUDIT=n). #32
+
 ### Changed
 
 ### Deprecated
diff --git a/audit.go b/audit.go
index 73f4b06..5baf265 100644
--- a/audit.go
+++ b/audit.go
@@ -105,7 +105,12 @@ func newAuditClient(netlinkGroups uint32, resp io.Writer) (*AuditClient, error)
 
 	netlink, err := NewNetlinkClient(syscall.NETLINK_AUDIT, netlinkGroups, buf, resp)
 	if err != nil {
-		return nil, err
+		switch err {
+		case syscall.EINVAL, syscall.EPROTONOSUPPORT, syscall.EAFNOSUPPORT:
+			return nil, errors.Wrap(err, "audit not supported by kernel")
+		default:
+			return nil, errors.Wrap(err, "failed to open audit netlink socket")
+		}
 	}
 
 	return &AuditClient{Netlink: netlink}, nil
diff --git a/audit_test.go b/audit_test.go
index ee315ce..2a71e99 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -35,8 +35,7 @@ import (
 )
 
 // This can be run inside of Docker with:
-// docker run -it --rm -v `pwd`:/go/src/github.com/elastic/go-libaudit \
-//   --pid=host --privileged golang:1.8.3 /bin/bash
+// docker run -it --rm -v `pwd`:/go/src/github.com/elastic/go-libaudit --pid=host --privileged golang:1.10.1 /bin/bash
 
 var (
 	hexdump = flag.Bool("hexdump", false, "dump kernel responses to stdout in hexdump -C format")