diff --git a/CHANGES b/CHANGES
index 10e5f073df..cfacf2dc83 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,13 @@
+8.0.0-dev.734 | 2025-07-24 07:55:31 +0100
+
+ * PPPoE: add session id logging (Johanna Amann, Corelight)
+
+ This adds a new PacketAnalyzer::PPPoE::session_id bif, which extracts
+ the PPPoE session ID from the current packet.
+
+ Furthermore, a new policy script is added which adds the pppoe session
+ id to the connection log.
+
 8.0.0-dev.730 | 2025-07-23 15:26:08 -0700
 
 * Fix a few other minor issues reported by Coverity (Tim Wojtulewicz, Corelight)
diff --git a/NEWS b/NEWS
index 4d6ec7048e..b11090acc4 100644
--- a/NEWS
+++ b/NEWS
@@ -268,6 +268,12 @@ New Functionality
 up traditional connection monitoring without introducing overhead for
 connections that would never reach a larger threshold anyway.
 
+- Zeek now supports extracting the PPPoE session ID. The ``PacketAnalyzer::PPPoE::session_id``
+ BiF can be used to get the session ID of the current packet.
+
+ The ``onn/pppoe-session-id-logging.zeek`` policy script adds pppoe session IDs to the
+ connection log.
+
 Changed Functionality
 ---------------------
 
diff --git a/VERSION b/VERSION
index 19b4155f15..f0f41c22c0 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-8.0.0-dev.730
+8.0.0-dev.734
diff --git a/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek b/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek
new file mode 100644
index 0000000000..1adbb0ae37
--- /dev/null
+++ b/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek
@@ -0,0 +1,27 @@
+##! This script adds PPPoE session ID information to the connection log.
+
+@load base/protocols/conn
+
+module Conn;
+
+redef record Info += {
+ ## The PPPoE session id, if applicable for this connection.
+ pppoe_session_id: count &log &optional;
+};
+
+# Add the PPPoE session ID to the Conn::Info structure. We have to do this right
+# at the beginning, while we are handling a packet.
+event new_connection(c: connection)
+ {
+ local session_id = PacketAnalyzer::PPPoE::session_id();
+
+ # no session ID
+ if ( session_id == 0xFFFFFFFF )
+ return;
+
+ # FIXME: remove when GH-4688 is merged
+ set_conn(c, F);
+
+ c$conn$pppoe_session_id = session_id;
+ }
+
diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek
index cc22fd4e55..3aa07c1c8d 100644
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@@ -113,6 +113,7 @@
 @load protocols/conn/known-services.zeek
 @load protocols/conn/mac-logging.zeek
 @load protocols/conn/vlan-logging.zeek
+@load protocols/conn/pppoe-session-id-logging.zeek
 @load protocols/conn/weirds.zeek
 #@load frameworks/conn_key/vlan_fivetuple.zeek
 #@load protocols/conn/speculative-service.zeek
diff --git a/src/packet_analysis/protocol/pppoe/CMakeLists.txt b/src/packet_analysis/protocol/pppoe/CMakeLists.txt
index b549cf4d1a..cdf53bc58c 100644
--- a/src/packet_analysis/protocol/pppoe/CMakeLists.txt
+++ b/src/packet_analysis/protocol/pppoe/CMakeLists.txt
@@ -1,3 +1,4 @@
 zeek_add_plugin(
- PacketAnalyzer PPPoE
- SOURCES PPPoE.cc Plugin.cc)
+ Zeek PPPoE
+ SOURCES PPPoE.cc Plugin.cc
+ BIFS functions.bif)
diff --git a/src/packet_analysis/protocol/pppoe/functions.bif b/src/packet_analysis/protocol/pppoe/functions.bif
new file mode 100644
index 0000000000..1786d0d74b
--- /dev/null
+++ b/src/packet_analysis/protocol/pppoe/functions.bif
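Review bot: The doc comment on `pppoe_session_id` does not say that the value is sampled once, from the packet that raised `new_connection`, so a reader of conn.log may assume it tracks the whole connection; suggest `## The PPPoE session id of the packet that created this connection, if applicable.` Because the handler returns on the sentinel, a connection whose first packet carries no PPPoE session but whose later packets do stays unlogged, which the `##!` header should also state. The sentinel `0xFFFFFFFF` is spelled out here and again in functions.bif; a named constant exported next to `session_id` would keep the two from drifting. The NEWS entry refers to this script as ``onn/pppoe-session-id-logging.zeek``, where the path added here is `conn/pppoe-session-id-logging.zeek`.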
@@ -0,0 +1,22 @@
+module PacketAnalyzer::PPPoE;
+
+%%{
+#include "zeek/packet_analysis/Manager.h"
+%%}
+
+## Returns the PPPoE Session ID of the current packet, if present.
+##
+## If no PPPoE Session ID is present, 0xFFFFFFFF is returned, which
+## is out of range of the session ID.
+##
+## Returns: The PPPoE session ID if present, 0xFFFFFFFF otherwise.
+function session_id%(%): count
+ %{
+ static const auto& analyzer = zeek::packet_mgr->GetAnalyzer("PPPoE");
+ auto spans = zeek::packet_mgr->GetAnalyzerData(analyzer);
+
+ if ( spans.size() == 0 || spans[0].size() <=8 )
+ return zeek::val_mgr->Count(0xFFFFFFFF);
+
+ return zeek::val_mgr->Count((spans[0][2] << 8u) + spans[0][3]);
+ %}
diff --git a/src/script_opt/FuncInfo.cc b/src/script_opt/FuncInfo.cc
index 29f9a42ae2..874772d828 100644
--- a/src/script_opt/FuncInfo.cc
+++ b/src/script_opt/FuncInfo.cc
@@ -117,6 +117,7 @@ static std::unordered_map func_attrs = {
 {"Option::set_change_handler", ATTR_NO_SCRIPT_SIDE_EFFECTS},
 {"PacketAnalyzer::GTPV1::remove_gtpv1_connection", ATTR_NO_SCRIPT_SIDE_EFFECTS},
 {"PacketAnalyzer::Geneve::get_options", ATTR_NO_SCRIPT_SIDE_EFFECTS},
+{"PacketAnalyzer::PPPoE::session_id", ATTR_NO_SCRIPT_SIDE_EFFECTS},
 {"PacketAnalyzer::TEREDO::remove_teredo_connection", ATTR_NO_SCRIPT_SIDE_EFFECTS},
 {"PacketAnalyzer::__disable_analyzer", ATTR_NO_SCRIPT_SIDE_EFFECTS},
 {"PacketAnalyzer::__enable_analyzer", ATTR_NO_SCRIPT_SIDE_EFFECTS},
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 4bb0fdb685..92ae304ef1 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
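Review bot: The length guard `spans[0].size() <=8` in the new `session_id` BiF does not match the read it protects: only bytes 2 and 3 of `spans[0]` are touched, so `spans[0].size() < 4` is what the bounds check needs, and as written a span of exactly 8 bytes (a 6-byte PPPoE header plus the 2-byte PPP protocol id, if that is what the analyzer registers) returns the sentinel, which looks like an off-by-one if `< 8` was meant. If the stricter bound is intentional, a comment such as `// require the full PPPoE header plus PPP protocol id before trusting the session id` would stop the next reader from "fixing" it. The `static const auto& analyzer` pins the first lookup for the process lifetime; whether `GetAnalyzer("PPPoE")` can return an empty handle when the analyzer is not registered, and what `GetAnalyzerData` does with one, is not visible here and deserves either a comment or an explicit check. Minor style: `spans.empty()` and `<= 8` with a space match the surrounding code.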
@@ -266,6 +266,7 @@ scripts/base/init-frameworks-and-bifs.zeek
 build/scripts/base/bif/plugins/Zeek_WebSocket.types.bif.zeek
 build/scripts/base/bif/plugins/Zeek_XMPP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_PPPoE.functions.bif.zeek
 build/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_UDP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_ICMP.events.bif.zeek
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 4ed3a0c33b..8d2b58f0e1 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -266,6 +266,7 @@ scripts/base/init-frameworks-and-bifs.zeek
 build/scripts/base/bif/plugins/Zeek_WebSocket.types.bif.zeek
 build/scripts/base/bif/plugins/Zeek_XMPP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek
+ build/scripts/base/bif/plugins/Zeek_PPPoE.functions.bif.zeek
 build/scripts/base/bif/plugins/Zeek_ARP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_UDP.events.bif.zeek
 build/scripts/base/bif/plugins/Zeek_ICMP.events.bif.zeek
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index b9d02db981..d210eaa685 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -369,6 +369,7 @@
 0.000000 MetaHookPost LoadFile(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) -> -1
 0.000000 MetaHookPost LoadFile(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) -> -1
 0.000000 MetaHookPost LoadFile(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) -> -1
+0.000000 MetaHookPost LoadFile(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) -> -1
 0.000000 MetaHookPost LoadFile(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) -> -1
 0.000000 MetaHookPost LoadFile(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) -> -1
 0.000000 MetaHookPost LoadFile(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) -> -1
@@ -684,6 +685,7 @@
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek) -> (-1, )
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek) -> (-1, )
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek) -> (-1, )
+0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek) -> (-1, )
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek) -> (-1, )
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek) -> (-1, )
 0.000000 MetaHookPost LoadFileExtended(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek) -> (-1, )
@@ -1310,6 +1312,7 @@
 0.000000 MetaHookPre LoadFile(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek)
 0.000000 MetaHookPre LoadFile(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek)
 0.000000 MetaHookPre LoadFile(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek)
+0.000000 MetaHookPre LoadFile(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek)
 0.000000 MetaHookPre LoadFile(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek)
 0.000000 MetaHookPre LoadFile(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek)
 0.000000 MetaHookPre LoadFile(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek)
@@ -1625,6 +1628,7 @@
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_PE.events.bif.zeek, <...>/Zeek_PE.events.bif.zeek)
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_POP3.consts.bif.zeek, <...>/Zeek_POP3.consts.bif.zeek)
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_POP3.events.bif.zeek, <...>/Zeek_POP3.events.bif.zeek)
+0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_PPPoE.functions.bif.zeek, <...>/Zeek_PPPoE.functions.bif.zeek)
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RADIUS.events.bif.zeek, <...>/Zeek_RADIUS.events.bif.zeek)
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RDP.events.bif.zeek, <...>/Zeek_RDP.events.bif.zeek)
 0.000000 MetaHookPre LoadFileExtended(0, ./Zeek_RDP.types.bif.zeek, <...>/Zeek_RDP.types.bif.zeek)
@@ -2250,6 +2254,7 @@
 0.000000 | HookLoadFile ./Zeek_PE.events.bif.zeek <...>/Zeek_PE.events.bif.zeek
 0.000000 | HookLoadFile ./Zeek_POP3.consts.bif.zeek <...>/Zeek_POP3.consts.bif.zeek
 0.000000 | HookLoadFile ./Zeek_POP3.events.bif.zeek <...>/Zeek_POP3.events.bif.zeek
+0.000000 | HookLoadFile ./Zeek_PPPoE.functions.bif.zeek <...>/Zeek_PPPoE.functions.bif.zeek
 0.000000 | HookLoadFile ./Zeek_RADIUS.events.bif.zeek <...>/Zeek_RADIUS.events.bif.zeek
 0.000000 | HookLoadFile ./Zeek_RDP.events.bif.zeek <...>/Zeek_RDP.events.bif.zeek
 0.000000 | HookLoadFile ./Zeek_RDP.types.bif.zeek <...>/Zeek_RDP.types.bif.zeek
@@ -2565,6 +2570,7 @@
 0.000000 | HookLoadFileExtended ./Zeek_PE.events.bif.zeek <...>/Zeek_PE.events.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_POP3.consts.bif.zeek <...>/Zeek_POP3.consts.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_POP3.events.bif.zeek <...>/Zeek_POP3.events.bif.zeek
+0.000000 | HookLoadFileExtended ./Zeek_PPPoE.functions.bif.zeek <...>/Zeek_PPPoE.functions.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_RADIUS.events.bif.zeek <...>/Zeek_RADIUS.events.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_RDP.events.bif.zeek <...>/Zeek_RDP.events.bif.zeek
 0.000000 | HookLoadFileExtended ./Zeek_RDP.types.bif.zeek <...>/Zeek_RDP.types.bif.zeek
diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.pppoe-session-id-logging/conn.log.cut b/testing/btest/Baseline/scripts.policy.protocols.conn.pppoe-session-id-logging/conn.log.cut
new file mode 100644
index 0000000000..822e11c82c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.pppoe-session-id-logging/conn.log.cut
@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+uid id.orig_h id.orig_p id.resp_h id.resp_p pppoe_session_id
+CHhAvVGS1DHFjwGM9 1.1.1.1 20394 2.2.2.2 443 3847
diff --git a/testing/btest/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek b/testing/btest/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek
new file mode 100644
index 0000000000..a701c4294a
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/conn/pppoe-session-id-logging.zeek
@@ -0,0 +1,7 @@
+# A basic test of pppoe session id logging
+
+# @TEST-EXEC: zeek -b -r $TRACES/pppoe-over-qinq.pcap %INPUT
+# @TEST-EXEC: zeek-cut -m uid id.orig_h id.orig_p id.resp_h id.resp_p pppoe_session_id < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+
+@load protocols/conn/pppoe-session-id-logging
diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing
index 55f2339e5f..0244c30658 100644
--- a/testing/external/commit-hash.zeek-testing
+++ b/testing/external/commit-hash.zeek-testing
@@ -1 +1 @@
-b0713238ffa1adb47a5f2824dc685eba144d3feb
+79e994ccb40bdc35988867a680cc7efa152d3543
diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private
index cc43ed7906..544bc35294 100644
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@@ -1 +1 @@
-7bedceb12209bd7256be9faf8c067e55ced9bd59
+034c859753b435dc2a6368fa46ecf3e92c98d9da
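Review bot: The new btest only exercises the positive path: its single baseline row shows a connection that carries a session id, so the sentinel branch in the policy script, where `PacketAnalyzer::PPPoE::session_id()` returns `0xFFFFFFFF` and `pppoe_session_id` must stay unset, is never checked. A second `@TEST-EXEC` run over a trace without PPPoE (or a trace mixing both kinds of traffic) with its own `btest-diff` baseline would pin that behaviour and catch a regression in the length guard on the BiF side. The single-trace setup also cannot tell whether the `-b` bare-mode run loads everything the script needs in a default run; a brief comment naming what `pppoe-over-qinq.pcap` contains would help the next person who has to update the baseline.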