diff --git a/scripts/base/protocols/ntlm/main.bro b/scripts/base/protocols/ntlm/main.bro
index 365ebcdd81..484ccf334f 100644
--- a/scripts/base/protocols/ntlm/main.bro
+++ b/scripts/base/protocols/ntlm/main.bro
@@ -14,6 +14,13 @@ export {
 username: string &log &optional;
 hostname: string &log &optional;
 domainname: string &log &optional;
+
+ ## Indicate whether or not the authentication was successful.
+ success: bool &log &default=F;
+
+ ## Internally used field to indicate if the login attempt
+ ## has already been logged.
+ done: bool &default=F;
 };
 }
 
@@ -28,13 +35,10 @@ event bro_init() &priority=5
 
 event ntlm_negotiate(c: connection, request: NTLM::Negotiate) &priority=5
 {
- #print request;
 }
 
 event ntlm_challenge(c: connection, challenge: NTLM::Challenge) &priority=5
 {
- #print "challenge!!!!!";
- #print challenge;
 }
 
 event ntlm_authenticate(c: connection, request: NTLM::Authenticate) &priority=5
@@ -48,7 +52,28 @@ event ntlm_authenticate(c: connection, request: NTLM::Authenticate) &priority=5
 c$ntlm$username = request$user_name;
 }
 
-event ntlm_authenticate(c: connection, request: NTLM::Authenticate) &priority=-5
+event gssapi_neg_result(c: connection, state: count) &priority=5
 {
- Log::write(NTLM::LOG, c$ntlm);
+ if ( c?$ntlm )
+ c$ntlm$success = (state == 0);
 }
+
+event gssapi_neg_result(c: connection, state: count) &priority=-5
+ {
+ if ( c?$ntlm )
+ {
+ if ( c$ntlm?$username || c$ntlm?$hostname )
+ {
+ Log::write(NTLM::LOG, c$ntlm);
+ c$ntlm$done = T;
+ }
+ }
+ }
+
+event connection_state_remove(c: connection) &priority=-5
+ {
+ if ( c?$ntlm && ! c$ntlm$done )
+ {
+ Log::write(NTLM::LOG, c$ntlm);
+ }
+ }
\ No newline at end of file
diff --git a/src/analyzer/protocol/gssapi/events.bif b/src/analyzer/protocol/gssapi/events.bif
index 4b648f3c9a..ea2d3dc2a3 100644
--- a/src/analyzer/protocol/gssapi/events.bif
+++ b/src/analyzer/protocol/gssapi/events.bif
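Review bot: `success` is declared `&default=F`, so the record that `connection_state_remove` writes because `done` never got set — no `gssapi_neg_result` arrived at all, as with NTLM carried outside SPNEGO or a connection cut before the server answered — is logged exactly like an authentication the server rejected, and nothing in the log tells the two apart. A detection that counts `success=F` rows for password spraying or brute force will be fed those non-failures. Either declare it `success: bool &log &optional;` so an unobserved outcome logs as `-`, or at least extend the comment: `## Set from the SPNEGO negotiation result; F also when no result was observed.`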
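Review bot: `c$ntlm$success = (state == 0)` treats every non-zero negState as a failure, and the priority -5 handler then logs and marks the record `done` on whatever result arrives first without ever checking `done`, so an intermediate negState (1 accept-incomplete, 3 request-mic) that a server sends after the AUTHENTICATE message is recorded as a failed logon, and the later accept-completed produces a second line for the same logon. RFC 4178 defines only 0 (accept-completed) and 2 (reject) as terminal. Both handlers should act on those two states only, and the write should be guarded by `! c$ntlm$done`; a version doing that follows. The `connection_state_remove` handler can stay as it is.
```bro
event gssapi_neg_result(c: connection, state: count) &priority=5
	{
	# Only accept-completed (0) and reject (2) are final SPNEGO states;
	# accept-incomplete (1) and request-mic (3) say nothing about the outcome yet.
	if ( c?$ntlm && ( state == 0 || state == 2 ) )
		c$ntlm$success = (state == 0);
	}

event gssapi_neg_result(c: connection, state: count) &priority=-5
	{
	if ( ! c?$ntlm || c$ntlm$done || ( state != 0 && state != 2 ) )
		return;

	if ( c$ntlm?$username || c$ntlm?$hostname )
		{
		Log::write(NTLM::LOG, c$ntlm);
		c$ntlm$done = T;
		}
	}

# … unchanged: connection_state_remove handler …
```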
@@ -1,5 +1,7 @@
-## Generated for GSSAPI messages of type *accept-completed*.
+## Generated for GSSAPI negotiation results.
 ##
 ## c: The connection.
 ##
-event gssapi_accepted%(c: connection%);
+## state: The resulting state of the negotiation.
+##
+event gssapi_neg_result%(c: connection, state: count%);
diff --git a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
index 6c3b5d30c4..934e0fd292 100644
--- a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
+++ b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
@@ -1,3 +1,4 @@
+
 refine connection GSSAPI_Conn += {
 %member{
 analyzer::Analyzer *ntlm;
@@ -19,31 +20,25 @@ refine connection GSSAPI_Conn += {
 return true;
 %}
 
- function proc_gssapi_neg_token(val: GSSAPI_NEG_TOKEN): bool
+ function proc_gssapi_neg_result(val: GSSAPI_NEG_TOKEN_RESP_Arg): bool
 %{
- if ( ${val.is_init} ) return true; - for ( uint i = 0; i < ${val.resp.args}->size(); ++i )
+ if ( gssapi_neg_result )
 {
- switch ( ${val.resp.args[i].seq_meta.index} )
- {
- case 0:
- if ( ${val.resp.args[i].args.neg_state} == 0 )
- {
- BifEvent::generate_gssapi_accepted(bro_analyzer(),
- bro_analyzer()->Conn());
- }
- break;
-
- default:
- break;
- }
+ BifEvent::generate_gssapi_neg_result(bro_analyzer(),
+ bro_analyzer()->Conn(),
+ binary_to_int64(${val.neg_state.encoding.content}));
 }
+
 return true;
 %}
 }
 
-refine typeattr GSSAPI_NEG_TOKEN += &let {
- proc : bool = $context.connection.proc_gssapi_neg_token(this);
+refine typeattr GSSAPI_NEG_TOKEN_INIT_Arg_Data += &let {
+ fwd: bool = $context.connection.forward_ntlm(mech_token, true) &if(index==2);
 };
+
+refine typeattr GSSAPI_NEG_TOKEN_RESP_Arg += &let {
+ proc: bool = $context.connection.proc_gssapi_neg_result(this) &if(seq_meta.index==0);
+ fwd: bool = $context.connection.forward_ntlm(response_token, false) &if(seq_meta.index==2);
+};
+
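Review bot: `## state: The resulting state of the negotiation.` leaves script authors to guess what the numbers mean, and the value is the raw SPNEGO negState the analyzer reads out of a NegTokenResp. Spell out the RFC 4178 enumeration so a handler can tell a final result from an intermediate one: `## state: The SPNEGO negState value (RFC 4178): 0 accept-completed, 1 accept-incomplete, 2 reject, 3 request-mic; only 0 and 2 are final.` It is also worth noting that the event is raised for every NegTokenResp element that carries a negState, so one connection can raise it several times.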
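Review bot: `binary_to_int64(${val.neg_state.encoding.content})` converts however many INTEGER content bytes the peer sent and hands the signed result to a `count` parameter, so a negState with the sign bit set, or with more than eight bytes of content, reaches script-land as a wrapped or huge value rather than being rejected (how `binary_to_int64` treats over-long input is not visible from here). A valid SPNEGO negState is an ENUMERATED in 0..3, i.e. a single content byte in DER, so check that before raising the event: `if ( ${val.neg_state.encoding.content}.length() != 1 ) { bro_analyzer()->ProtocolViolation("invalid SPNEGO negState"); return false; }`. Separately, the two `forward_ntlm` hooks hand every mech_token and response_token to the NTLM analyzer regardless of which mechanism was negotiated; unless `forward_ntlm` (defined above this hunk) checks for the NTLMSSP signature itself, a Kerberos token ends up in the NTLM parser.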
diff --git a/src/analyzer/protocol/gssapi/gssapi-protocol.pac b/src/analyzer/protocol/gssapi/gssapi-protocol.pac
index cbaee0572f..67a84ceb0b 100644
--- a/src/analyzer/protocol/gssapi/gssapi-protocol.pac
+++ b/src/analyzer/protocol/gssapi/gssapi-protocol.pac
@@ -32,8 +32,6 @@ type GSSAPI_NEG_TOKEN_INIT_Arg_Data(index: uint8) = case index of {
 1 -> req_flags : ASN1Encoding;
 2 -> mech_token : bytestring &restofdata;
 3 -> mech_list_mic : ASN1OctetString;
-} &let {
- fwd: bool = $context.connection.forward_ntlm(mech_token, true) &if(index==2);
 };
 
 type GSSAPI_NEG_TOKEN_RESP = record {
@@ -43,14 +41,10 @@ type GSSAPI_NEG_TOKEN_RESP = record {
 
 type GSSAPI_NEG_TOKEN_RESP_Arg = record {
 seq_meta : ASN1EncodingMeta;
- args : GSSAPI_NEG_TOKEN_RESP_Arg_Data(seq_meta.index) &length=seq_meta.length;
-};
-
-type GSSAPI_NEG_TOKEN_RESP_Arg_Data(index: uint8) = case index of {
- 0 -> neg_state : ASN1Integer;
- 1 -> supported_mech : ASN1Encoding;
- 2 -> response_token : bytestring &restofdata;
- 3 -> mech_list_mic : ASN1OctetString;
-} &let {
- fwd: bool = $context.connection.forward_ntlm(response_token, false) &if(index==2);
+ args : case seq_meta.index of {
+ 0 -> neg_state : ASN1Integer;
+ 1 -> supported_mech : ASN1Encoding;
+ 2 -> response_token : bytestring &restofdata;
+ 3 -> mech_list_mic : ASN1OctetString;
+ } &length=seq_meta.length;
 };
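Review bot: The inline case on `seq_meta.index` has arms for 0..3 only, so a NegTokenResp element with any other context tag hits an unmatched case index, which binpac raises as an exception; the analyzer presumably reports that as a protocol violation and stops parsing the connection, and the NTLM tokens it would have forwarded are never seen — a single unexpected or crafted element is enough to keep a logon out of ntlm.log. Add a catch-all arm so unknown elements are skipped instead: `default -> unknown : bytestring &restofdata;`. The `GSSAPI_NEG_TOKEN_INIT_Arg_Data` case in the hunk above has the same shape (visible arms 1..3) and deserves the same default.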