diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index 857e9073ec..99dc846903 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -28,6 +28,11 @@ export {
 ## This is where the default root CA bundle is defined. By loading the
 ## mozilla-ca-list.bro script it will be set to Mozilla's root CA list.
 const root_certs: table[string] of string = {} &redef;
+
+ ## This determines if the c$ssl record is deleted after the record is
+ ## logged. You probably want this to be deleted since it contains
+ ## the full certificate and all of the chain certificates in it.
+ const delete_certs_after_logging = T &redef;
 global log_ssl: event(rec: Info);
@@ -121,5 +126,13 @@ event ssl_established(c: connection) &priority=5
 event ssl_established(c: connection) &priority=-5
 {
 Log::write(SSL::LOG, c$ssl);
+
+ if ( delete_certs_after_logging )
+ {
+ if ( c$ssl?$cert )
+ delete c$ssl$cert;
+ if ( c$ssl?$cert_chain )
+ delete c$ssl$cert_chain;
+ }
 }
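Review bot: The doc comment on `delete_certs_after_logging` says the c$ssl record is deleted, but the handler added in the second hunk removes only the `cert` and `cert_chain` fields and leaves the rest of the record in place. I would reword it along the lines of `## Controls whether c$ssl$cert and c$ssl$cert_chain are deleted once the SSL log entry has been written.` so that readers redefining the option know exactly what is dropped. Since the default is T, the comment should also say that code running after the priority -5 `ssl_established` handler cannot rely on those two fields being present. The export block begins and ends outside this hunk.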
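Review bot: Deleting `c$ssl$cert` and `c$ssl$cert_chain` inside the priority -5 handler means any `ssl_established` handler registered at a lower priority, and any later event on the same connection, no longer sees the certificates. Because the option defaults to T, this applies to existing deployments without any configuration change. A detection script that inspects the certificate there would most likely stop matching without any obvious sign of it, so I would add a comment above the block such as `# Handlers below priority -5 must test c$ssl?$cert / c$ssl?$cert_chain before use.` It is also worth confirming whether `log_ssl` handlers are handed this same record by reference and run after this handler returns, in which case they would see the fields removed as well. That cannot be determined from the lines shown here.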