diff --git a/scripts/base/frameworks/analyzer/__load__.zeek b/scripts/base/frameworks/analyzer/__load__.zeek
index e2c42c7a8e..6d66b3e55c 100644
--- a/scripts/base/frameworks/analyzer/__load__.zeek
+++ b/scripts/base/frameworks/analyzer/__load__.zeek
@@ -1,2 +1,3 @@
 @load ./main
 @load ./dpd
+@load ./logging
diff --git a/scripts/base/frameworks/analyzer/logging.zeek b/scripts/base/frameworks/analyzer/logging.zeek
new file mode 100644
index 0000000000..2f4b48dc48
--- /dev/null
+++ b/scripts/base/frameworks/analyzer/logging.zeek
@@ -0,0 +1,182 @@
+##! Logging analyzer confirmations and violations into analyzer.log
+
+@load base/frameworks/config
+@load base/frameworks/logging
+
+@load ./main
+
+module Analyzer::Logging;
+
+export {
+	## Add the analyzer logging stream identifier.
+	redef enum Log::ID += { LOG };
+
+	## A default logging policy hook for the stream.
+	global log_policy: Log::PolicyHook;
+
+	## The record type defining the columns to log in the analyzer logging stream.
+	type Info: record {
+		## Timestamp of confirmation or violation.
+		ts:             time              &log;
+		## What caused this log entry to be produced. This can
+		## currently be "violation" or "confirmation".
+		cause:          string            &log;
+		## The kind of analyzer involved. Currently "packet", "file"
+		## or "protocol".
+		analyzer_kind:  string            &log;
+		## The name of the analyzer as produced by :zeek:see:`Analyzer::name`
+		## for the analyzer's tag.
+		analyzer_name:  string            &log;
+		## Connection UID if available.
+		uid:            string            &log &optional;
+		## File UID if available.
+		fuid:           string            &log &optional;
+		## Connection identifier if available
+		id:             conn_id           &log &optional;
+
+		## Failure or violation reason, if available.
+		failure_reason: string            &log &optional;
+
+		## Data causing failure or violation if available. Truncated
+		## to :zeek:see:`Analyzer::Logging::failure_data_max_size`.
+		failure_data:   string            &log &optional;
+	};
+
+	## Enable logging of analyzer violations and optionally confirmations
+	## when :zeek::see:`Analyzer::Logging::include_confirmations` is set.
+	option enable = T;
+
+	## Enable analyzer_confirmation. They are usually less interesting
+	## outside of development of analyzers or troubleshooting scenarios.
+	## Setting this option may also generated multiple log entries per
+	## connection, minimally one for each conn.log entry with a populated
+	## service field.
+	option include_confirmations = F;
+
+	## If a violation contains information about the data causing it,
+	## include at most this many bytes of it in the log.
+	option failure_data_max_size = 40;
+
+	## Set of analyzers for which to not log confirmations or violations.
+	option ignore_analyzers: set[AllAnalyzers::Tag] = set();
+}
+
+
+event zeek_init() &priority=5
+	{
+	Log::create_stream(LOG, [$columns=Info, $path="analyzer", $policy=log_policy,
+	                         $event_groups=set("Analyzer::Logging")]);
+
+	local enable_handler = function(id: string, new_value: bool): bool {
+		if ( new_value )
+		    Log::enable_stream(LOG);
+		else
+		    Log::disable_stream(LOG);
+
+		return new_value;
+	};
+	Option::set_change_handler("Analyzer::Logging::enable", enable_handler);
+
+	local include_confirmations_handler = function(id: string, new_value: bool): bool {
+		if ( new_value )
+		    enable_event_group("Analyzer::Logging::include_confirmations");
+		else
+		    disable_event_group("Analyzer::Logging::include_confirmations");
+
+		return new_value;
+	};
+	Option::set_change_handler("Analyzer::Logging::include_confirmations",
+	                           include_confirmations_handler);
+
+	# Call the handlers directly with the current values to avoid config
+	# framework interactions like creating entries in config.log.
+	enable_handler("Analyzer::Logging::enable", Analyzer::Logging::enable);
+	include_confirmations_handler("Analyzer::Logging::include_confirmations",
+	                              Analyzer::Logging::include_confirmations);
+
+	}
+
+function analyzer_kind(atype: AllAnalyzers::Tag): string
+	{
+	if ( is_protocol_analyzer(atype) )
+		return "protocol";
+	else if ( is_packet_analyzer(atype) )
+		return "packet";
+	else if ( is_file_analyzer(atype) )
+		return "file";
+
+	Reporter::warning(fmt("Unknown kind of analyzer %s", atype));
+	return "unknown";
+	}
+
+function populate_from_conn(rec: Info, c: connection)
+	{
+	rec$id = c$id;
+	rec$uid = c$uid;
+	}
+
+function populate_from_file(rec: Info, f: fa_file)
+	{
+	rec$fuid = f$id;
+	# If the confirmation didn't have a connection, but the
+	# fa_file object has has exactly one, use it.
+	if ( ! rec?$uid && f?$conns && |f$conns| == 1 )
+		{
+		for ( _, c in f$conns )
+			{
+			rec$id = c$id;
+			rec$uid = c$uid;
+			}
+		}
+	}
+
+event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirmationInfo) &group="Analyzer::Logging::include_confirmations"
+	{
+	if ( atype in ignore_analyzers )
+		return;
+
+	local rec = Info(
+		$ts=network_time(),
+		$cause="confirmation",
+		$analyzer_kind=analyzer_kind(atype),
+		$analyzer_name=Analyzer::name(atype),
+	);
+
+	if ( info?$c )
+		populate_from_conn(rec, info$c);
+
+	if ( info?$f )
+		populate_from_file(rec, info$f);
+
+	Log::write(LOG, rec);
+	}
+
+event analyzer_violation_info(atype: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
+	{
+	if ( atype in ignore_analyzers )
+		return;
+
+	local rec = Info(
+		$ts=network_time(),
+		$cause="violation",
+		$analyzer_kind=analyzer_kind(atype),
+		$analyzer_name=Analyzer::name(atype),
+		$failure_reason=info$reason,
+	);
+
+	if ( info?$c )
+		populate_from_conn(rec, info$c);
+
+	if ( info?$f )
+		populate_from_file(rec, info$f);
+
+	if ( info?$data )
+		{
+		if ( failure_data_max_size > 0 )
+			rec$failure_data = info$data[0:failure_data_max_size];
+		else
+			rec$failure_data = info$data;
+		}
+
+	Log::write(LOG, rec);
+	}
diff --git a/scripts/base/init-frameworks-and-bifs.zeek b/scripts/base/init-frameworks-and-bifs.zeek
index e7ffcedc8b..a346f9543c 100644
--- a/scripts/base/init-frameworks-and-bifs.zeek
+++ b/scripts/base/init-frameworks-and-bifs.zeek
@@ -7,6 +7,8 @@
 @load base/frameworks/broker
 @load base/frameworks/supervisor
 @load base/frameworks/input
+@load base/frameworks/cluster
+@load base/frameworks/config
 @load base/frameworks/analyzer
 @load base/frameworks/files
 
diff --git a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr
index 3058b00a05..d3db972878 100644
--- a/testing/btest/Baseline/core.check-unused-event-handlers/.stderr
+++ b/testing/btest/Baseline/core.check-unused-event-handlers/.stderr
@@ -1,6 +1,17 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 ### NOTE: This file has been sorted with diff-sort.
 warning in <...>/check-unused-event-handlers.test, line 7: handler for non-existing event cannot be invoked (this_is_never_used)
+warning in <params>, line 1: event handler never invoked: Control::configuration_update
+warning in <params>, line 1: event handler never invoked: Control::configuration_update_request
+warning in <params>, line 1: event handler never invoked: Control::configuration_update_response
+warning in <params>, line 1: event handler never invoked: Control::id_value_request
+warning in <params>, line 1: event handler never invoked: Control::id_value_response
+warning in <params>, line 1: event handler never invoked: Control::net_stats_request
+warning in <params>, line 1: event handler never invoked: Control::net_stats_response
+warning in <params>, line 1: event handler never invoked: Control::peer_status_request
+warning in <params>, line 1: event handler never invoked: Control::peer_status_response
+warning in <params>, line 1: event handler never invoked: Control::shutdown_request
+warning in <params>, line 1: event handler never invoked: Control::shutdown_response
 warning in <params>, line 1: event handler never invoked: InputConfig::new_value
 warning in <params>, line 1: event handler never invoked: InputRaw::process_finished
 warning in <params>, line 1: event handler never invoked: Supervisor::node_status
@@ -10,4 +21,5 @@ warning in <params>, line 1: event handler never invoked: SupervisorControl::res
 warning in <params>, line 1: event handler never invoked: SupervisorControl::status_request
 warning in <params>, line 1: event handler never invoked: SupervisorControl::stop_request
 warning in <params>, line 1: event handler never invoked: spicy_analyzer_for_mime_type
+warning in <params>, line 1: event handler never invoked: terminate_event
 warning in <params>, line 1: event handler never invoked: this_is_never_used
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 429bc44f5a..bb6062a732 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -114,8 +114,19 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/input/readers/binary.zeek
     scripts/base/frameworks/input/readers/config.zeek
     scripts/base/frameworks/input/readers/sqlite.zeek
+  scripts/base/frameworks/cluster/__load__.zeek
+    scripts/base/frameworks/cluster/main.zeek
+      scripts/base/frameworks/control/__load__.zeek
+        scripts/base/frameworks/control/main.zeek
+    scripts/base/frameworks/cluster/pools.zeek
+      scripts/base/utils/hash_hrw.zeek
+  scripts/base/frameworks/config/__load__.zeek
+    scripts/base/frameworks/config/main.zeek
+    scripts/base/frameworks/config/input.zeek
+    scripts/base/frameworks/config/weird.zeek
   scripts/base/frameworks/analyzer/__load__.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
+    scripts/base/frameworks/analyzer/logging.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
       scripts/base/utils/site.zeek
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index f3ffa23d49..2724600cd8 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -114,8 +114,19 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/input/readers/binary.zeek
     scripts/base/frameworks/input/readers/config.zeek
     scripts/base/frameworks/input/readers/sqlite.zeek
+  scripts/base/frameworks/cluster/__load__.zeek
+    scripts/base/frameworks/cluster/main.zeek
+      scripts/base/frameworks/control/__load__.zeek
+        scripts/base/frameworks/control/main.zeek
+    scripts/base/frameworks/cluster/pools.zeek
+      scripts/base/utils/hash_hrw.zeek
+  scripts/base/frameworks/config/__load__.zeek
+    scripts/base/frameworks/config/main.zeek
+    scripts/base/frameworks/config/input.zeek
+    scripts/base/frameworks/config/weird.zeek
   scripts/base/frameworks/analyzer/__load__.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
+    scripts/base/frameworks/analyzer/logging.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
       scripts/base/utils/site.zeek
@@ -263,7 +274,6 @@ scripts/base/init-default.zeek
   scripts/base/utils/email.zeek
   scripts/base/utils/files.zeek
   scripts/base/utils/geoip-distance.zeek
-  scripts/base/utils/hash_hrw.zeek
   scripts/base/utils/numbers.zeek
   scripts/base/utils/queue.zeek
   scripts/base/utils/strings.zeek
@@ -272,11 +282,6 @@ scripts/base/init-default.zeek
   scripts/base/utils/urls.zeek
   scripts/base/frameworks/notice/__load__.zeek
     scripts/base/frameworks/notice/main.zeek
-      scripts/base/frameworks/cluster/__load__.zeek
-        scripts/base/frameworks/cluster/main.zeek
-          scripts/base/frameworks/control/__load__.zeek
-            scripts/base/frameworks/control/main.zeek
-        scripts/base/frameworks/cluster/pools.zeek
     scripts/base/frameworks/notice/weird.zeek
     scripts/base/frameworks/notice/actions/email_admin.zeek
     scripts/base/frameworks/notice/actions/page.zeek
@@ -293,10 +298,6 @@ scripts/base/init-default.zeek
     scripts/base/frameworks/intel/main.zeek
     scripts/base/frameworks/intel/files.zeek
     scripts/base/frameworks/intel/input.zeek
-  scripts/base/frameworks/config/__load__.zeek
-    scripts/base/frameworks/config/main.zeek
-    scripts/base/frameworks/config/input.zeek
-    scripts/base/frameworks/config/weird.zeek
   scripts/base/frameworks/sumstats/__load__.zeek
     scripts/base/frameworks/sumstats/main.zeek
     scripts/base/frameworks/sumstats/plugins/__load__.zeek
diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out
index 706fe856b3..f410d976ab 100644
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@@ -1,4 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+analyzer
 broker
 capture_loss
 cluster
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 3ad9df3716..3ab46934ae 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -192,6 +192,7 @@
 0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(FilteredTraceDetection::should_detect, <null>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@@ -242,6 +243,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}])) -> <no result>
@@ -291,7 +293,9 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Analyzer::Logging::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@@ -341,6 +345,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Weird::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (X509::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (mysql::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
@@ -391,6 +396,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Broker::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Cluster::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Config::LOG, default)) -> <no result>
@@ -440,6 +446,7 @@
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}])) -> <no result>
@@ -489,6 +496,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::get_filter, <frame>, (SSL::LOG, default)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])) -> <no result>
@@ -497,6 +505,12 @@
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::enable, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::enable, lambda_<2645182068207650863>{ if (Analyzer::Logging::new_value) Log::enable_stream(Analyzer::Logging::LOG)elseLog::disable_stream(Analyzer::Logging::LOG)return (Analyzer::Logging::new_value)}, 0)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::failure_data_max_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::ignore_analyzers, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::include_confirmations, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::include_confirmations, lambda_<15261139872714441626>{ if (Analyzer::Logging::new_value) enable_event_group(Analyzer::Logging::include_confirmations)elsedisable_event_group(Analyzer::Logging::include_confirmations)return (Analyzer::Logging::new_value)}, 0)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0)) -> <no result>
@@ -733,13 +747,19 @@
 0.000000   MetaHookPost  CallFunction(bare_mode, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(cat, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(current_time, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations)) -> <no result>
+0.000000   MetaHookPost  CallFunction(enable_module_events, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (CLUSTER_NODE)) -> <no result>
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(global_options, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(gsub, ..., ...) -> <no result>
+0.000000   MetaHookPost  CallFunction(has_event_group, <frame>, (Analyzer::Logging)) -> <no result>
+0.000000   MetaHookPost  CallFunction(has_module_events, <frame>, (Analyzer::Logging)) -> <no result>
 0.000000   MetaHookPost  CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F)) -> <no result>
+0.000000   MetaHookPost  CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lstrip, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(network_time, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
@@ -925,6 +945,7 @@
 0.000000   MetaHookPost  LoadFile(0, ./last, <...>/last.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./log, <...>/log.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./log-ocsp, <...>/log-ocsp.zeek) -> -1
+0.000000   MetaHookPost  LoadFile(0, ./logging, <...>/logging.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./magic, <...>/magic) -> -1
 0.000000   MetaHookPost  LoadFile(0, ./main, <...>/main.zeek) -> -1
@@ -1311,6 +1332,7 @@
 0.000000   MetaHookPost  LoadFileExtended(0, ./last, <...>/last.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./log, <...>/log.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./log-ocsp, <...>/log-ocsp.zeek) -> (-1, <no content>)
+0.000000   MetaHookPost  LoadFileExtended(0, ./logging, <...>/logging.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./magic, <...>/magic) -> (-1, <no content>)
 0.000000   MetaHookPost  LoadFileExtended(0, ./main, <...>/main.zeek) -> (-1, <no content>)
@@ -1731,6 +1753,7 @@
 0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}]))
 0.000000   MetaHookPre   CallFunction(Files::register_protocol, <frame>, (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}]))
 0.000000   MetaHookPre   CallFunction(FilteredTraceDetection::should_detect, <null>, ())
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@@ -1781,6 +1804,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}]))
@@ -1830,7 +1854,9 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}]))
+0.000000   MetaHookPre   CallFunction(Log::__enable_stream, <frame>, (Analyzer::Logging::LOG))
 0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>]))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Analyzer::Logging::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@@ -1880,6 +1906,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Weird::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (X509::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (mysql::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
@@ -1930,6 +1957,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
+0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Analyzer::Logging::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Broker::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Cluster::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Config::LOG, default))
@@ -1979,6 +2007,7 @@
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (Weird::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (X509::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::add_stream_filters, <frame>, (mysql::LOG, default))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}]))
@@ -2028,6 +2057,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}]))
+0.000000   MetaHookPre   CallFunction(Log::enable_stream, <frame>, (Analyzer::Logging::LOG))
 0.000000   MetaHookPre   CallFunction(Log::get_filter, <frame>, (SSL::LOG, default))
 0.000000   MetaHookPre   CallFunction(Log::log_stream_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG))
 0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>]))
@@ -2036,6 +2066,12 @@
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (ActiveHTTP::default_method, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::enable, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::enable, lambda_<2645182068207650863>{ if (Analyzer::Logging::new_value) Log::enable_stream(Analyzer::Logging::LOG)elseLog::disable_stream(Analyzer::Logging::LOG)return (Analyzer::Logging::new_value)}, 0))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::failure_data_max_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::ignore_analyzers, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::include_confirmations, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Analyzer::Logging::include_confirmations, lambda_<15261139872714441626>{ if (Analyzer::Logging::new_value) enable_event_group(Analyzer::Logging::include_confirmations)elsedisable_event_group(Analyzer::Logging::include_confirmations)return (Analyzer::Logging::new_value)}, 0))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0))
@@ -2272,13 +2308,19 @@
 0.000000   MetaHookPre   CallFunction(bare_mode, <null>, ())
 0.000000   MetaHookPre   CallFunction(cat, ..., ...)
 0.000000   MetaHookPre   CallFunction(current_time, <frame>, ())
+0.000000   MetaHookPre   CallFunction(disable_event_group, <frame>, (Analyzer::Logging::include_confirmations))
+0.000000   MetaHookPre   CallFunction(enable_module_events, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (CLUSTER_NODE))
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
 0.000000   MetaHookPre   CallFunction(global_options, <frame>, ())
 0.000000   MetaHookPre   CallFunction(gsub, ..., ...)
+0.000000   MetaHookPre   CallFunction(has_event_group, <frame>, (Analyzer::Logging))
+0.000000   MetaHookPre   CallFunction(has_module_events, <frame>, (Analyzer::Logging))
 0.000000   MetaHookPre   CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(lambda_<15261139872714441626>, <frame>, (Analyzer::Logging::include_confirmations, F))
+0.000000   MetaHookPre   CallFunction(lambda_<2645182068207650863>, <frame>, (Analyzer::Logging::enable, T))
 0.000000   MetaHookPre   CallFunction(lstrip, ..., ...)
 0.000000   MetaHookPre   CallFunction(network_time, <frame>, ())
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2123/udp))
@@ -2464,6 +2506,7 @@
 0.000000   MetaHookPre   LoadFile(0, ./last, <...>/last.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./log, <...>/log.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./log-ocsp, <...>/log-ocsp.zeek)
+0.000000   MetaHookPre   LoadFile(0, ./logging, <...>/logging.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./logging.bif.zeek, <...>/logging.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, ./magic, <...>/magic)
 0.000000   MetaHookPre   LoadFile(0, ./main, <...>/main.zeek)
@@ -2850,6 +2893,7 @@
 0.000000   MetaHookPre   LoadFileExtended(0, ./last, <...>/last.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./log, <...>/log.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./log-ocsp, <...>/log-ocsp.zeek)
+0.000000   MetaHookPre   LoadFileExtended(0, ./logging, <...>/logging.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./logging.bif.zeek, <...>/logging.bif.zeek)
 0.000000   MetaHookPre   LoadFileExtended(0, ./magic, <...>/magic)
 0.000000   MetaHookPre   LoadFileExtended(0, ./main, <...>/main.zeek)
@@ -3269,6 +3313,7 @@
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ <init> SMTP::c{ if (SMTP::f$source != SMTP) return ()for ([SMTP::_] in SMTP::f$conns) { return (SMTP::describe(SMTP::c$smtp))}return ()}}])
 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ <init> SSL::c{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::_] in SSL::f$conns) { if (SSL::c?$ssl) { return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial,  Subject: , SSL::f$info$x509$certificate$subject,  Issuer: , SSL::f$info$x509$certificate$issuer))}}])
 0.000000 | HookCallFunction FilteredTraceDetection::should_detect()
+0.000000 | HookCallFunction Log::__add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=analyzer, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=broker, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=cluster, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=config, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@@ -3319,6 +3364,7 @@
 0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=weird, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=x509, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=mysql, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
+0.000000 | HookCallFunction Log::__create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
 0.000000 | HookCallFunction Log::__create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}])
@@ -3368,7 +3414,9 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}])
+0.000000 | HookCallFunction Log::__enable_stream(Analyzer::Logging::LOG)
 0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])
+0.000000 | HookCallFunction Log::add_default_filter(Analyzer::Logging::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -3418,6 +3466,7 @@
 0.000000 | HookCallFunction Log::add_default_filter(Weird::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(X509::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(mysql::LOG)
+0.000000 | HookCallFunction Log::add_filter(Analyzer::Logging::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Broker::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(Config::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
@@ -3468,6 +3517,7 @@
 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
+0.000000 | HookCallFunction Log::add_stream_filters(Analyzer::Logging::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Broker::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Cluster::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(Config::LOG, default)
@@ -3517,6 +3567,7 @@
 0.000000 | HookCallFunction Log::add_stream_filters(Weird::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(X509::LOG, default)
 0.000000 | HookCallFunction Log::add_stream_filters(mysql::LOG, default)
+0.000000 | HookCallFunction Log::create_stream(Analyzer::Logging::LOG, [columns=Analyzer::Logging::Info, ev=<uninitialized>, path=analyzer, policy=Analyzer::Logging::log_policy, event_groups={Analyzer::Logging}])
 0.000000 | HookCallFunction Log::create_stream(Broker::LOG, [columns=Broker::Info, ev=<uninitialized>, path=broker, policy=Broker::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=Cluster::Info, ev=<uninitialized>, path=cluster, policy=Cluster::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(Config::LOG, [columns=Config::Info, ev=Config::log_config, path=config, policy=Config::log_policy, event_groups={}])
@@ -3566,6 +3617,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy, event_groups={}])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy, event_groups={}])
+0.000000 | HookCallFunction Log::enable_stream(Analyzer::Logging::LOG)
 0.000000 | HookCallFunction Log::get_filter(SSL::LOG, default)
 0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>], PacketFilter::LOG)
 0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=<uninitialized>])
@@ -3574,6 +3626,12 @@
 0.000000 | HookCallFunction Notice::want_pp()
 0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_max_time, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(ActiveHTTP::default_method, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::enable, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::enable, lambda_<2645182068207650863>{ if (Analyzer::Logging::new_value) Log::enable_stream(Analyzer::Logging::LOG)elseLog::disable_stream(Analyzer::Logging::LOG)return (Analyzer::Logging::new_value)}, 0)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::failure_data_max_size, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::ignore_analyzers, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::include_confirmations, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Analyzer::Logging::include_confirmations, lambda_<15261139872714441626>{ if (Analyzer::Logging::new_value) enable_event_group(Analyzer::Logging::include_confirmations)elsedisable_event_group(Analyzer::Logging::include_confirmations)return (Analyzer::Logging::new_value)}, 0)
 0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_endpoint_name, Broker::update_metrics_export_endpoint_name{ Broker::__set_metrics_export_endpoint_name(Broker::val)return (Broker::val)}, 0)
 0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_endpoint_name, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Broker::metrics_export_interval, Broker::update_metrics_export_interval{ Broker::__set_metrics_export_interval(Broker::val)return (Broker::val)}, 0)
@@ -3810,13 +3868,19 @@
 0.000000 | HookCallFunction bare_mode()
 0.000000 | HookCallFunction cat(...)
 0.000000 | HookCallFunction current_time()
+0.000000 | HookCallFunction disable_event_group(Analyzer::Logging::include_confirmations)
+0.000000 | HookCallFunction enable_module_events(Analyzer::Logging)
 0.000000 | HookCallFunction filter_change_tracking()
 0.000000 | HookCallFunction getenv(CLUSTER_NODE)
 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
 0.000000 | HookCallFunction global_options()
 0.000000 | HookCallFunction gsub(...)
+0.000000 | HookCallFunction has_event_group(Analyzer::Logging)
+0.000000 | HookCallFunction has_module_events(Analyzer::Logging)
 0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
+0.000000 | HookCallFunction lambda_<15261139872714441626>(Analyzer::Logging::include_confirmations, F)
+0.000000 | HookCallFunction lambda_<2645182068207650863>(Analyzer::Logging::enable, T)
 0.000000 | HookCallFunction lstrip(...)
 0.000000 | HookCallFunction network_time()
 0.000000 | HookCallFunction port_to_count(2123/udp)
@@ -4011,6 +4075,7 @@
 0.000000 | HookLoadFile  ./libmagic <...>/libmagic.sig
 0.000000 | HookLoadFile  ./log <...>/log.zeek
 0.000000 | HookLoadFile  ./log-ocsp <...>/log-ocsp.zeek
+0.000000 | HookLoadFile  ./logging <...>/logging.zeek
 0.000000 | HookLoadFile  ./logging.bif.zeek <...>/logging.bif.zeek
 0.000000 | HookLoadFile  ./magic <...>/magic
 0.000000 | HookLoadFile  ./main <...>/main.zeek
@@ -4397,6 +4462,7 @@
 0.000000 | HookLoadFileExtended ./libmagic <...>/libmagic.sig
 0.000000 | HookLoadFileExtended ./log <...>/log.zeek
 0.000000 | HookLoadFileExtended ./log-ocsp <...>/log-ocsp.zeek
+0.000000 | HookLoadFileExtended ./logging <...>/logging.zeek
 0.000000 | HookLoadFileExtended ./logging.bif.zeek <...>/logging.bif.zeek
 0.000000 | HookLoadFileExtended ./magic <...>/magic
 0.000000 | HookLoadFileExtended ./main <...>/main.zeek
diff --git a/testing/btest/Baseline/plugins.writer/output b/testing/btest/Baseline/plugins.writer/output
index 95cc5caef2..1642095d4d 100644
--- a/testing/btest/Baseline/plugins.writer/output
+++ b/testing/btest/Baseline/plugins.writer/output
@@ -3,6 +3,14 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
     [Writer] Foo (Log::WRITER_FOO)
 
 ===
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: out_of_bound: DCE_RPC_PDU:frag: -2665 > 31|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
+[analyzer] XXXXXXXXXX.XXXXXX|violation|protocol|DCE_RPC|ClEkJM2Vm5giqnMf4h|-|10.0.0.55|53994|60.190.189.214|8124|Binpac exception: binpac exception: &enforce violation : DCE_RPC_Header:rpc_vers|-
 [conn] XXXXXXXXXX.XXXXXX|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
 [conn] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
 [conn] XXXXXXXXXX.XXXXXX|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-include-confirmations b/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-include-confirmations
new file mode 100644
index 0000000000..499b7c0d51
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-include-confirmations
@@ -0,0 +1,46 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	analyzer
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	cause	analyzer_kind	analyzer_name	uid	fuid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	failure_reason	failure_data
+#types	time	string	string	string	string	string	addr	port	addr	port	string	string
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	CHhAvVGS1DHFjwGM9	-	141.142.220.202	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CHhAvVGS1DHFjwGM9	-	141.142.220.202	5353	224.0.0.251	5353	-	-
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	ClEkJM2Vm5giqnMf4h	-	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	Bad Teredo encapsulation	\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	ClEkJM2Vm5giqnMf4h	-	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	-	-
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	C4J4Th3PJpwUYZZ6gc	-	141.142.220.50	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C4J4Th3PJpwUYZZ6gc	-	141.142.220.50	5353	224.0.0.251	5353	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CUM0KZ3MLUfNB0cl11	-	141.142.220.118	48649	208.80.152.118	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CmES5u32sYpV7JYN	-	141.142.220.118	43927	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CP5puj4I8PtEU4qzYg	-	141.142.220.118	37676	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C37jN32gN3y3AZzyf6	-	141.142.220.118	40526	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C0LAHyvtKSQHyJxIl	-	141.142.220.118	32902	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CFLRIC3zaTU1loLGxh	-	141.142.220.118	59816	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C9rXSW3KSpTYvPrlI1	-	141.142.220.118	59714	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C9mvWx3ezztgzcexV7	-	141.142.220.118	58206	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CNnMIj2QSd84NKf7U3	-	141.142.220.118	38911	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C7fIlMZDuRiqjpYbb	-	141.142.220.118	59746	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CpmdRlaUoJLN3uIRa	-	141.142.220.118	45000	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C1Xkzz2MaGtLrc1Tla	-	141.142.220.118	48479	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CqlVyW1YwZ15RhTBc4	-	141.142.220.118	48128	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CBA8792iHmnhPLksKa	-	141.142.220.118	56056	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CGLPPc35OzDQij1XX8	-	141.142.220.118	55092	141.142.2.2	53	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CwjjYJ2WqgTbAqiHl6	-	141.142.220.118	49997	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	C3eiCBGOLw3VtHfOj	-	141.142.220.118	49996	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	Ck51lg1bScffFj34Ri	-	141.142.220.118	49998	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CykQaM33ztNt0csB9a	-	141.142.220.118	49999	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CtxTCR2Yer0FR1tIBg	-	141.142.220.118	50000	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CLNN1k2QMum1aexUK7	-	141.142.220.118	50001	208.80.152.3	80	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	HTTP	CiyBAq1bBLNaTiTAc	-	141.142.220.118	35642	208.80.152.2	80	-	-
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	Cipfzj1BEnhejw8cGf	-	141.142.220.44	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	Cipfzj1BEnhejw8cGf	-	141.142.220.44	5353	224.0.0.251	5353	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CV5WJ42jPYbNW9JNWf	-	141.142.220.226	137	141.142.220.255	137	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CPhDKt12KQPUVbQz06	-	fe80::3074:17d5:2052:c324	65373	ff02::1:3	5355	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CAnFrb2Cvxr5T7quOc	-	141.142.220.226	55131	224.0.0.252	5355	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	C8rquZ3DjgNW06JGLl	-	fe80::3074:17d5:2052:c324	54213	ff02::1:3	5355	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CzrZOtXqhwwndQva3	-	141.142.220.226	55671	224.0.0.252	5355	-	-
+XXXXXXXXXX.XXXXXX	confirmation	protocol	DNS	CaGCc13FffXe6RkQl9	-	141.142.220.238	56641	141.142.220.255	137	-	-
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-no-confirmations b/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-no-confirmations
new file mode 100644
index 0000000000..a94122aa0c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.logging/analyzer.log-no-confirmations
@@ -0,0 +1,14 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	analyzer
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	cause	analyzer_kind	analyzer_name	uid	fuid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	failure_reason	failure_data
+#types	time	string	string	string	string	string	addr	port	addr	port	string	string
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	CHhAvVGS1DHFjwGM9	-	141.142.220.202	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x06gemini\x09_sftp-ssh\x04_tcp\x05lo
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	ClEkJM2Vm5giqnMf4h	-	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	Bad Teredo encapsulation	\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	C4J4Th3PJpwUYZZ6gc	-	141.142.220.50	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x04\x06gemini\x09_sftp-ssh\x04_tcp\x05local
+XXXXXXXXXX.XXXXXX	violation	packet	TEREDO	Cipfzj1BEnhejw8cGf	-	141.142.220.44	5353	224.0.0.251	5353	Bad Teredo encapsulation	\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x05gomez\x09_sftp-ssh\x04_tcp\x05local\x00
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/scripts/base/frameworks/analyzer/logging.zeek b/testing/btest/scripts/base/frameworks/analyzer/logging.zeek
new file mode 100644
index 0000000000..02e5525374
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/analyzer/logging.zeek
@@ -0,0 +1,11 @@
+# @TEST-EXEC: zeek -b  -r ${TRACES}/wikipedia.trace %INPUT
+# @TEST-EXEC: mv analyzer.log analyzer.log-no-confirmations
+# @TEST-EXEC: btest-diff analyzer.log-no-confirmations
+
+# @TEST-EXEC: zeek -b  -r ${TRACES}/wikipedia.trace %INPUT Analyzer::Logging::include_confirmations=T
+# @TEST-EXEC: mv analyzer.log analyzer.log-include-confirmations
+# @TEST-EXEC: btest-diff analyzer.log-include-confirmations
+
+@load base/protocols/conn
+@load base/protocols/dns
+@load base/protocols/http
diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing
index ef4a886d68..2899662d35 100644
--- a/testing/external/commit-hash.zeek-testing
+++ b/testing/external/commit-hash.zeek-testing
@@ -1 +1 @@
-12af5c4f227b99a8424e8ef00ae6611b8b767e4c
+8a43279ceeee0564cbe80be7df1d07e3523de099
diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private
index cde37365b7..23ad1303af 100644
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@@ -1 +1 @@
-c5baa53031ef55c986f3a691cdb29fb310afbccc
+f0526cd3c476a0534b513b298a173d1e89acc7f7
diff --git a/testing/external/scripts/testing-setup.zeek b/testing/external/scripts/testing-setup.zeek
index 8fa050895e..b80e31e1c1 100644
--- a/testing/external/scripts/testing-setup.zeek
+++ b/testing/external/scripts/testing-setup.zeek
@@ -22,3 +22,8 @@ hook Telemetry::log_policy(rec: Telemetry::Info, id: Log::ID, filter: Log::Filte
 	if ( rec$prefix == "zeek" && rec$name == "version_info" )
 		break;
 	}
+
+# The IMAP analyzer includes absolute filenames in its error messages,
+# exclude it for now from analyzer.log.
+# https://github.com/zeek/zeek/issues/2659
+redef Analyzer::Logging::ignore_analyzers += { Analyzer::ANALYZER_IMAP };