diff --git a/scripts/base/protocols/ldap/main.zeek b/scripts/base/protocols/ldap/main.zeek
index e4453f58c6..02dd6307c2 100644
--- a/scripts/base/protocols/ldap/main.zeek
+++ b/scripts/base/protocols/ldap/main.zeek
@@ -46,9 +46,6 @@ export {
 # The connection's 4-tuple of endpoint addresses/ports.
 id: conn_id &log;
- # transport protocol
- proto: string &log &optional;
-
 # Message ID
 message_id: int &log &optional;
@@ -84,9 +81,6 @@ export {
 # The connection's 4-tuple of endpoint addresses/ports.
 id: conn_id &log;
- # transport protocol
- proto: string &log &optional;
-
 # Message ID
 message_id: int &log &optional;
@@ -148,7 +142,6 @@ global OPCODES_SEARCH: set[LDAP::ProtocolOpcode] = { LDAP::ProtocolOpcode_SEARCH
 #############################################################################
 redef record connection += {
- ldap_proto: string &optional;
 ldap_messages: table[int] of MessageInfo &optional;
 ldap_searches: table[int] of SearchInfo &optional;
 };
@@ -185,28 +178,8 @@ function set_session(c: connection, message_id: int, opcode: LDAP::ProtocolOpcod
 $id=c$id, $message_id=message_id];
 }
-
 }
-#############################################################################
-@if (Version::at_least("5.2.0"))
-event analyzer_confirmation_info(atype: AllAnalyzers::Tag, info: AnalyzerConfirmationInfo) {
- if ( atype == Analyzer::ANALYZER_LDAP_TCP ) {
- info$c$ldap_proto = "tcp";
- }
-}
-@else @if (Version::at_least("4.2.0"))
-event analyzer_confirmation(c: connection, atype: AllAnalyzers::Tag, aid: count) {
-@else
-event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) {
-@endif
-
- if ( atype == Analyzer::ANALYZER_LDAP_TCP ) {
- c$ldap_proto = "tcp";
- }
-
-}
-@endif
 #############################################################################
 event LDAP::message(c: connection, message_id: int,
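Review bot: Dropping the `&log` field `proto` from both `MessageInfo` (hunk at -46) and `SearchInfo` (hunk at -84) changes the column layout of ldap.log and ldap_search.log, and nothing in the commit gives consumers that key on `proto` a migration path. The field only ever held the constant `"tcp"` written by the removed confirmation handlers, so no information is lost, but a positional parser or a filter on `proto` downstream breaks silently. Consider keeping the field for one release as `proto: string &log &optional &deprecated="<placeholder: removal release>; LDAP logs carry no transport field.";`, or at least a NEWS entry naming both logs. The removal of the `ldap_proto` connection field and the three `@if`-guarded handlers is consistent, since nothing else sets or reads it in the visible hunks; the same `proto` copy-out is removed again in the four hunks on the next line (-234, -284, -379, -391), which this note covers as well.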
@@ -234,9 +207,6 @@ event LDAP::message(c: connection,
 searches$diagnostic_messages += diagnostic_message;
 }
- if (( ! searches?$proto ) && c?$ldap_proto)
- searches$proto = c$ldap_proto;
-
 Log::write(LDAP::LDAP_SEARCH_LOG, searches);
 delete c$ldap_searches[message_id];
@@ -284,9 +254,6 @@ event LDAP::message(c: connection,
 delete messages$opcodes[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]];
 }
- if (( ! messages?$proto ) && c?$ldap_proto)
- messages$proto = c$ldap_proto;
-
 Log::write(LDAP::LDAP_LOG, messages);
 delete c$ldap_messages[message_id];
 }
@@ -379,9 +346,6 @@ hook finalize_ldap(c: connection) {
 delete m$opcodes[PROTOCOL_OPCODES[LDAP::ProtocolOpcode_BIND_REQUEST]];
 }
- if (( ! m?$proto ) && c?$ldap_proto)
- m$proto = c$ldap_proto;
-
 Log::write(LDAP::LDAP_LOG, m);
 }
 }
@@ -391,10 +355,6 @@ hook finalize_ldap(c: connection) {
 if ( c?$ldap_searches && (|c$ldap_searches| > 0) ) {
 for ( [mid], s in c$ldap_searches ) {
 if (mid > 0) {
-
- if (( ! s?$proto ) && c?$ldap_proto)
- s$proto = c$ldap_proto;
-
 Log::write(LDAP::LDAP_SEARCH_LOG, s);
 }
 }
diff --git a/testing/btest/Baseline/coverage.record-fields/out.default b/testing/btest/Baseline/coverage.record-fields/out.default
index 6c054e555f..2d238e9489 100644
--- a/testing/btest/Baseline/coverage.record-fields/out.default
+++ b/testing/btest/Baseline/coverage.record-fields/out.default
@@ -369,13 +369,11 @@ connection {
 * message_id: int, log=T, optional=T
 * objects: vector of string, log=T, optional=T
 * opcodes: set[string], log=T, optional=T
- * proto: string, log=T, optional=T
 * results: set[string], log=T, optional=T
 * ts: time, log=T, optional=F
 * uid: string, log=T, optional=F
 * version: int, log=T, optional=T
 }
- * ldap_proto: string, log=F, optional=T
 * ldap_searches: table[int] of record LDAP::SearchInfo, log=F, optional=T
 LDAP::SearchInfo {
 * attributes: vector of string, log=T, optional=T
@@ -386,7 +384,6 @@ connection {
 * id: record conn_id, log=T, optional=F
 conn_id { ... }
 * message_id: int, log=T, optional=T
- * proto: string, log=T, optional=T
 * result_count: count, log=T, optional=T
 * results: set[string], log=T, optional=T
 * scopes: set[string], log=T, optional=T
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap.log b/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap.log
index 035015d428..281b0cbcd1 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap.log
@@ -5,8 +5,8 @@
 #unset_field -
 #path ldap
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
-#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
+#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap_search.log b/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap_search.log
index 7ddae0eedc..018acb7c16 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap_search.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.attributes/ldap_search.log
@@ -5,7 +5,7 @@
 #unset_field -
 #path ldap_search
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
-#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
+#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) sAMAccountName
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap.log b/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap.log
index 035015d428..281b0cbcd1 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap.log
@@ -5,8 +5,8 @@
 #unset_field -
 #path ldap
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
-#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
+#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap_search.log b/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap_search.log
index 0950708786..33922f0dea 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap_search.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.basic/ldap_search.log
@@ -5,7 +5,7 @@
 #unset_field -
 #path ldap_search
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
-#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
+#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 3268 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap.log b/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap.log
index b0986d5cb3..4661b1bf3f 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap.log
@@ -5,8 +5,8 @@
 #unset_field -
 #path ldap
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
-#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
+#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 1 3 bind simple success - xxxxxxxxxxx@xx.xxx.xxxxx.net REDACTED
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 3 3 bind simple success - CN=xxxxxxxx\x2cOU=Users\x2cOU=Accounts\x2cDC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net REDACTED
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap_search.log b/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap_search.log
index ce8ef1ccab..4bb7c32ec7 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap_search.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.diff_port/ldap_search.log
@@ -5,7 +5,7 @@
 #unset_field -
 #path ldap_search
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
-#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 tcp 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
+#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.0.0.1 25936 10.0.0.2 32681 2 tree always DC=xx\x2cDC=xxx\x2cDC=xxxxx\x2cDC=net 1 success - (&(objectclass=*)(sAMAccountName=xxxxxxxx)) -
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap.log b/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap.log
index 3f3e88269b..e38f28a9f7 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap.log
@@ -5,7 +5,7 @@
 #unset_field -
 #path ldap
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id version opcodes results diagnostic_messages objects arguments
-#types time string addr port addr port string int int set[string] set[string] vector[string] vector[string] vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 215 3 bind SASL success - - GSS-SPNEGO
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id version opcodes results diagnostic_messages objects arguments
+#types time string addr port addr port int int set[string] set[string] vector[string] vector[string] vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 215 3 bind SASL success - - GSS-SPNEGO
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap_search.log b/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap_search.log
index f1d2a151c9..f2fd183303 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap_search.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ldap.sasl-encrypted/ldap_search.log
@@ -5,7 +5,7 @@
 #unset_field -
 #path ldap_search
 #open XXXX-XX-XX-XX-XX-XX
-#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
-#types time string addr port addr port string int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
-XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 tcp 213 base never - 1 success - (objectclass=*) -
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p message_id scopes derefs base_objects result_count results diagnostic_messages filter attributes
+#types time string addr port addr port int set[string] set[string] vector[string] count set[string] vector[string] string vector[string]
+XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.31.1.104 3116 172.31.1.101 389 213 base never - 1 success - (objectclass=*) -
 #close XXXX-XX-XX-XX-XX-XX