diff --git a/scripts/policy/protocols/conn/failed-service-logging.zeek b/scripts/policy/protocols/conn/failed-service-logging.zeek
index 291b44de19..f86fcd38ca 100644
--- a/scripts/policy/protocols/conn/failed-service-logging.zeek
+++ b/scripts/policy/protocols/conn/failed-service-logging.zeek
@@ -4,6 +4,7 @@
 ##! that they were removed.
 @load base/protocols/conn
+@load base/frameworks/analyzer/dpd
 module Conn;
@@ -19,9 +20,16 @@ hook Analyzer::disabling_analyzer(c: connection, atype: AllAnalyzers::Tag, aid:
 	if ( ! is_protocol_analyzer(atype) && ! is_packet_analyzer(atype) )
 		return;
-	# Only add if previously confirmed
-	if ( Analyzer::name(atype) !in c$service )
+	if ( Analyzer::name(atype) !in c$service || Analyzer::name(atype) !in c$service_violation )
+		return;
+
+	# Only log if dpd.zeek will disable
+	if ( atype in DPD::ignore_violations )
+		return;
+
+	local size = c$orig$size + c$resp$size;
+	if ( DPD::ignore_violations_after > 0 && size > DPD::ignore_violations_after )
 		return;
 	set_conn(c, F);
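Review bot: The new guard in the second hunk drops the `# Only add if previously confirmed` explanation while the condition grows to two set tests and calls `Analyzer::name(atype)` twice; hoisting the name into a local and restoring the why keeps the intent readable: `# Only log analyzers that were confirmed (c$service) and then violated (c$service_violation)`, `local aname = Analyzer::name(atype);`, `if ( aname !in c$service || aname !in c$service_violation )`. The `DPD::ignore_violations` and `DPD::ignore_violations_after` tests copy dpd.zeek's disable criteria rather than sharing them, so the two sites can drift silently and this log would then report disables that never happen (or miss ones that do); the `# Only log if dpd.zeek will disable` comment should at least say which handler in dpd.zeek it mirrors so a change to either site is traceable. If `service_violation` is declared on `connection` without a `&default`, the `!in` test would error on connections that never had a violation; I believe the DPD framework loaded by the first hunk gives it a default empty set, but that is worth confirming. The enclosing `Analyzer::disabling_analyzer` hook begins and ends outside the hunk.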