diff --git a/NEWS b/NEWS
index 8e131e2838..f9dba96980 100644
--- a/NEWS
+++ b/NEWS
@@ -128,7 +128,7 @@ Deprecated Functionality
 - ``Analyzer::BuildConnVal()`` is deprecated, use ``Analyzer::ConnVal()``.
-- ``BifEvent::generate_`` functions are deprecated, use ``BifEvent::enqueue_``.
+- ``BifEvent::generate_`` functions are deprecated, use ``zeek::BifEvent::enqueue_``.
 - ``binpac::bytestring_to_val()`` is deprecated, use ``binpac::to_stringval()``.
diff --git a/aux/bifcl b/aux/bifcl
index 2d56fd7e6d..b155d04585 160000
--- a/aux/bifcl
+++ b/aux/bifcl
@@ -1 +1 @@
-Subproject commit 2d56fd7e6d59aab754176b3ec90e71600d22d713
+Subproject commit b155d04585c61c8fdd0768e1f2a403b27447bb9d
diff --git a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac
index 27ae99f0df..f6dbb95dda 100644
--- a/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac
+++ b/src/analyzer/protocol/bittorrent/bittorrent-analyzer.pac
@@ -61,7 +61,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 handshake_ok = true;
 if ( ::bittorrent_peer_handshake )
 {
- BifEvent::enqueue_bittorrent_peer_handshake(
+ zeek::BifEvent::enqueue_bittorrent_peer_handshake(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -79,7 +79,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_keep_alive )
 {
- BifEvent::enqueue_bittorrent_peer_keep_alive(
+ zeek::BifEvent::enqueue_bittorrent_peer_keep_alive(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig());
@@ -92,7 +92,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_choke )
 {
- BifEvent::enqueue_bittorrent_peer_choke(
+ zeek::BifEvent::enqueue_bittorrent_peer_choke(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig());
@@ -105,7 +105,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_unchoke )
 {
- BifEvent::enqueue_bittorrent_peer_unchoke(
+ zeek::BifEvent::enqueue_bittorrent_peer_unchoke(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig());
@@ -118,7 +118,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_interested )
 {
- BifEvent::enqueue_bittorrent_peer_interested(
+ zeek::BifEvent::enqueue_bittorrent_peer_interested(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig());
@@ -131,7 +131,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_not_interested )
 {
- BifEvent::enqueue_bittorrent_peer_not_interested(
+ zeek::BifEvent::enqueue_bittorrent_peer_not_interested(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig());
@@ -144,7 +144,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_have )
 {
- BifEvent::enqueue_bittorrent_peer_have(
+ zeek::BifEvent::enqueue_bittorrent_peer_have(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -158,7 +158,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_bitfield )
 {
- BifEvent::enqueue_bittorrent_peer_bitfield(
+ zeek::BifEvent::enqueue_bittorrent_peer_bitfield(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -173,7 +173,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_request )
 {
- BifEvent::enqueue_bittorrent_peer_request(
+ zeek::BifEvent::enqueue_bittorrent_peer_request(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -188,7 +188,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_piece )
 {
- BifEvent::enqueue_bittorrent_peer_piece(
+ zeek::BifEvent::enqueue_bittorrent_peer_piece(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -203,7 +203,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_cancel )
 {
- BifEvent::enqueue_bittorrent_peer_cancel(
+ zeek::BifEvent::enqueue_bittorrent_peer_cancel(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -217,7 +217,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_port )
 {
- BifEvent::enqueue_bittorrent_peer_port(
+ zeek::BifEvent::enqueue_bittorrent_peer_port(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -231,7 +231,7 @@ flow BitTorrent_Flow(is_orig: bool) {
 %{
 if ( ::bittorrent_peer_unknown )
 {
- BifEvent::enqueue_bittorrent_peer_unknown(
+ zeek::BifEvent::enqueue_bittorrent_peer_unknown(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
index 7dfff77119..c6bdbd3ab8 100644
--- a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
+++ b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
@@ -37,7 +37,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_message )
 {
- BifEvent::enqueue_dce_rpc_message(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_message(bro_analyzer(),
 bro_analyzer()->Conn(),
 ${header.is_orig},
 fid,
@@ -51,7 +51,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_bind )
 {
- BifEvent::enqueue_dce_rpc_bind(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_bind(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid,
 ${req.id},
@@ -67,7 +67,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_alter_context )
 {
- BifEvent::enqueue_dce_rpc_alter_context(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_alter_context(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid,
 ${req.id},
@@ -92,7 +92,7 @@ refine connection DCE_RPC_Conn += {
 else
 sec_addr = make_intrusive(${bind.sec_addr}.length(), (const char*) ${bind.sec_addr}.begin());
- BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_bind_ack(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid,
 std::move(sec_addr));
@@ -104,7 +104,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_alter_context_resp )
 {
- BifEvent::enqueue_dce_rpc_alter_context_resp(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_alter_context_resp(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid);
 }
@@ -115,7 +115,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_request )
 {
- BifEvent::enqueue_dce_rpc_request(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_request(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid,
 ${req.context_id},
@@ -132,7 +132,7 @@ refine connection DCE_RPC_Conn += {
 %{
 if ( dce_rpc_response )
 {
- BifEvent::enqueue_dce_rpc_response(bro_analyzer(),
+ zeek::BifEvent::enqueue_dce_rpc_response(bro_analyzer(),
 bro_analyzer()->Conn(),
 fid,
 ${resp.context_id},
diff --git a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac
index e8994436f8..37ab13e57c 100644
--- a/src/analyzer/protocol/dhcp/dhcp-analyzer.pac
+++ b/src/analyzer/protocol/dhcp/dhcp-analyzer.pac
@@ -91,7 +91,7 @@ refine flow DHCP_Flow += {
 init_options();
- BifEvent::enqueue_dhcp_message(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_dhcp_message(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 ${msg.is_orig},
 std::move(dhcp_msg_val),
diff --git a/src/analyzer/protocol/dnp3/dnp3-analyzer.pac b/src/analyzer/protocol/dnp3/dnp3-analyzer.pac
index 9ce8892790..189128b39d 100644
--- a/src/analyzer/protocol/dnp3/dnp3-analyzer.pac
+++ b/src/analyzer/protocol/dnp3/dnp3-analyzer.pac
@@ -29,7 +29,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_header_block )
 {
- BifEvent::enqueue_dnp3_header_block(
+ zeek::BifEvent::enqueue_dnp3_header_block(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), len, ctrl, dest_addr, src_addr);
@@ -42,7 +42,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_application_request_header )
 {
- BifEvent::enqueue_dnp3_application_request_header(
+ zeek::BifEvent::enqueue_dnp3_application_request_header(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -57,7 +57,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_application_response_header )
 {
- BifEvent::enqueue_dnp3_application_response_header(
+ zeek::BifEvent::enqueue_dnp3_application_response_header(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(),
@@ -73,7 +73,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_object_header )
 {
- BifEvent::enqueue_dnp3_object_header(
+ zeek::BifEvent::enqueue_dnp3_object_header(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), obj_type, qua_field, number, rf_low, rf_high);
@@ -86,7 +86,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_object_prefix )
 {
- BifEvent::enqueue_dnp3_object_prefix(
+ zeek::BifEvent::enqueue_dnp3_object_prefix(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), prefix_value);
@@ -99,7 +99,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_response_data_object )
 {
- BifEvent::enqueue_dnp3_response_data_object(
+ zeek::BifEvent::enqueue_dnp3_response_data_object(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), data_value);
@@ -113,7 +113,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_attribute_common )
 {
- BifEvent::enqueue_dnp3_attribute_common(
+ zeek::BifEvent::enqueue_dnp3_attribute_common(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), data_type_code, leng, to_stringval(attribute_obj) );
@@ -127,7 +127,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_crob )
 {
- BifEvent::enqueue_dnp3_crob(
+ zeek::BifEvent::enqueue_dnp3_crob(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), control_code, count8, on_time, off_time, status_code);
@@ -141,7 +141,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_pcb )
 {
- BifEvent::enqueue_dnp3_pcb(
+ zeek::BifEvent::enqueue_dnp3_pcb(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), control_code, count8, on_time, off_time, status_code);
@@ -155,7 +155,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_counter_32wFlag )
 {
- BifEvent::enqueue_dnp3_counter_32wFlag(
+ zeek::BifEvent::enqueue_dnp3_counter_32wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value);
@@ -169,7 +169,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_counter_16wFlag )
 {
- BifEvent::enqueue_dnp3_counter_16wFlag(
+ zeek::BifEvent::enqueue_dnp3_counter_16wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value);
@@ -183,7 +183,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_counter_32woFlag )
 {
- BifEvent::enqueue_dnp3_counter_32woFlag(
+ zeek::BifEvent::enqueue_dnp3_counter_32woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), count_value);
@@ -197,7 +197,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_counter_16woFlag )
 {
- BifEvent::enqueue_dnp3_counter_16woFlag(
+ zeek::BifEvent::enqueue_dnp3_counter_16woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), count_value);
@@ -211,7 +211,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_32wFlag )
 {
- BifEvent::enqueue_dnp3_frozen_counter_32wFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_32wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value);
@@ -225,7 +225,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_16wFlag )
 {
- BifEvent::enqueue_dnp3_frozen_counter_16wFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_16wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value);
@@ -239,7 +239,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_32wFlagTime )
 {
- BifEvent::enqueue_dnp3_frozen_counter_32wFlagTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_32wFlagTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value, bytestring_to_time(time48));
@@ -253,7 +253,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_16wFlagTime )
 {
- BifEvent::enqueue_dnp3_frozen_counter_16wFlagTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_16wFlagTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, count_value, bytestring_to_time(time48));
@@ -267,7 +267,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_32woFlag )
 {
- BifEvent::enqueue_dnp3_frozen_counter_32woFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_32woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), count_value);
@@ -281,7 +281,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_counter_16woFlag )
 {
- BifEvent::enqueue_dnp3_frozen_counter_16woFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_counter_16woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), count_value);
@@ -295,7 +295,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_32wFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_32wFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_32wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -309,7 +309,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_16wFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_16wFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_16wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -323,7 +323,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_32woFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_32woFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_32woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), value);
@@ -337,7 +337,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_16woFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_16woFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_16woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), value);
@@ -351,7 +351,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_SPwFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_SPwFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_SPwFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -365,7 +365,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_DPwFlag )
 {
- BifEvent::enqueue_dnp3_analog_input_DPwFlag(
+ zeek::BifEvent::enqueue_dnp3_analog_input_DPwFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value_low, value_high);
@@ -379,7 +379,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_32wFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_32wFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -393,7 +393,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_16wFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_16wFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16wFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -407,7 +407,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_32wTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_32wTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value, bytestring_to_time(time48));
@@ -421,7 +421,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_16wTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_16wTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value, bytestring_to_time(time48));
@@ -435,7 +435,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_32woFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_32woFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_32woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), frozen_value);
@@ -449,7 +449,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_16woFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_16woFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_16woFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), frozen_value);
@@ -463,7 +463,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_SPwFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_SPwFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_SPwFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -477,7 +477,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_DPwFlag )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_DPwFlag(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_DPwFlag(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value_low, frozen_value_high);
@@ -491,7 +491,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_32woTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_32woTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_32woTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -505,7 +505,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_16woTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_16woTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_16woTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -519,7 +519,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_32wTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_32wTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_32wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value, bytestring_to_time(time48));
@@ -533,7 +533,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_16wTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_16wTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_16wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value, bytestring_to_time(time48));
@@ -547,7 +547,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_SPwoTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_SPwoTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_SPwoTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value);
@@ -561,7 +561,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_DPwoTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_DPwoTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_DPwoTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value_low, value_high);
@@ -575,7 +575,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_SPwTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_SPwTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_SPwTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value, bytestring_to_time(time48));
@@ -589,7 +589,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_analog_input_event_DPwTime )
 {
- BifEvent::enqueue_dnp3_analog_input_event_DPwTime(
+ zeek::BifEvent::enqueue_dnp3_analog_input_event_DPwTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, value_low, value_high, bytestring_to_time(time48));
@@ -603,7 +603,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_32woTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_32woTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_32woTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -617,7 +617,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_16woTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_16woTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_16woTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -631,7 +631,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_32wTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_32wTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_32wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value, bytestring_to_time(time48));
@@ -645,7 +645,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_16wTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_16wTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_16wTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value, bytestring_to_time(time48));
@@ -659,7 +659,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_SPwoTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwoTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwoTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value);
@@ -673,7 +673,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_DPwoTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwoTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwoTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value_low, frozen_value_high);
@@ -687,7 +687,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_SPwTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_SPwTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value, bytestring_to_time(time48));
@@ -701,7 +701,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_frozen_analog_input_event_DPwTime )
 {
- BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwTime(
+ zeek::BifEvent::enqueue_dnp3_frozen_analog_input_event_DPwTime(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), flag, frozen_value_low, frozen_value_high, bytestring_to_time(time48));
@@ -715,7 +715,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_file_transport )
 {
- BifEvent::enqueue_dnp3_file_transport(
+ zeek::BifEvent::enqueue_dnp3_file_transport(
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), file_handle, block_num, to_stringval(file_data));
@@ -729,7 +729,7 @@ flow DNP3_Flow(is_orig: bool) {
 %{
 if ( ::dnp3_debug_byte )
 {
- BifEvent::enqueue_dnp3_debug_byte (
+ zeek::BifEvent::enqueue_dnp3_debug_byte (
 connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 is_orig(), to_stringval(debug));
diff --git a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
index b92468c04d..48c3e086fd 100644
--- a/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
+++ b/src/analyzer/protocol/gssapi/gssapi-analyzer.pac
@@ -61,7 +61,7 @@ refine connection GSSAPI_Conn += {
 %{
 if ( gssapi_neg_result )
 {
- BifEvent::enqueue_gssapi_neg_result(bro_analyzer(),
+ zeek::BifEvent::enqueue_gssapi_neg_result(bro_analyzer(),
 bro_analyzer()->Conn(),
 binary_to_int64(${val.neg_state.encoding.content}));
 }
diff --git a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
index e91d4499b3..f4daeb8c0c 100644
--- a/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
+++ b/src/analyzer/protocol/gtpv1/gtpv1-analyzer.pac
@@ -328,7 +328,7 @@ void CreatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_create_pdp_ctx_request(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_create_pdp_ctx_request(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
@@ -397,7 +397,7 @@ void CreatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_create_pdp_ctx_response(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_create_pdp_ctx_response(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
@@ -475,7 +475,7 @@ void UpdatePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_update_pdp_ctx_request(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_update_pdp_ctx_request(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
@@ -535,7 +535,7 @@ void UpdatePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_update_pdp_ctx_response(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_update_pdp_ctx_response(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
@@ -569,7 +569,7 @@ void DeletePDP_Request(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_delete_pdp_ctx_request(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_delete_pdp_ctx_request(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
@@ -600,7 +600,7 @@ void DeletePDP_Response(const BroAnalyzer& a, const GTPv1_Header* pdu)
 }
 }
- BifEvent::enqueue_gtpv1_delete_pdp_ctx_response(a, a->Conn(),
+ zeek::BifEvent::enqueue_gtpv1_delete_pdp_ctx_response(a, a->Conn(),
 BuildGTPv1Hdr(pdu), std::move(rv));
 }
 %}
@@ -679,7 +679,7 @@ flow GTPv1_Flow(is_orig: bool)
 }
 if ( ::gtpv1_message )
- BifEvent::enqueue_gtpv1_message(a, c, BuildGTPv1Hdr(pdu));
+ zeek::BifEvent::enqueue_gtpv1_message(a, c, BuildGTPv1Hdr(pdu));
 switch ( ${pdu.msg_type} ) {
 case 16:
@@ -759,7 +759,7 @@ flow GTPv1_Flow(is_orig: bool)
 }
 if ( ::gtpv1_g_pdu_packet )
- BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
+ zeek::BifEvent::enqueue_gtpv1_g_pdu_packet(a, c, BuildGTPv1Hdr(pdu),
 inner->ToPktHdrVal());
 EncapsulatingConn ec(c, BifEnum::Tunnel::GTPv1);
diff --git a/src/analyzer/protocol/imap/imap-analyzer.pac b/src/analyzer/protocol/imap/imap-analyzer.pac
index b8fe0652ec..677e3789ec 100644
--- a/src/analyzer/protocol/imap/imap-analyzer.pac
+++ b/src/analyzer/protocol/imap/imap-analyzer.pac
@@ -45,7 +45,7 @@ refine connection IMAP_Conn += {
 bro_analyzer()->StartTLS();
 if ( imap_starttls )
- BifEvent::enqueue_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
+ zeek::BifEvent::enqueue_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
 }
 else
 reporter->Weird(bro_analyzer()->Conn(), "IMAP: server refused StartTLS");
@@ -67,7 +67,7 @@ refine connection IMAP_Conn += {
 capv->Assign(i, make_intrusive(capability.length(), (const char*)capability.data()));
 }
- BifEvent::enqueue_imap_capabilities(bro_analyzer(), bro_analyzer()->Conn(), std::move(capv));
+ zeek::BifEvent::enqueue_imap_capabilities(bro_analyzer(), bro_analyzer()->Conn(), std::move(capv));
 return true;
 %}
diff --git a/src/analyzer/protocol/krb/krb-analyzer.pac b/src/analyzer/protocol/krb/krb-analyzer.pac
index d36f721b44..ebc07a0f3a 100644
--- a/src/analyzer/protocol/krb/krb-analyzer.pac
+++ b/src/analyzer/protocol/krb/krb-analyzer.pac
@@ -180,7 +180,7 @@ refine connection KRB_Conn += {
 return false;
 RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
- BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
+ zeek::BifEvent::enqueue_krb_as_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
 return true;
 }
@@ -190,7 +190,7 @@ refine connection KRB_Conn += {
 return false;
 RecordVal* rv = proc_krb_kdc_req_arguments(${msg}, bro_analyzer());
- BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
+ zeek::BifEvent::enqueue_krb_tgs_request(bro_analyzer(), bro_analyzer()->Conn(), {AdoptRef{}, rv});
 return true;
 }
@@ -223,7 +223,7 @@ refine connection KRB_Conn += {
 if ( ! krb_as_response )
 return false;
- BifEvent::enqueue_krb_as_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
+ zeek::BifEvent::enqueue_krb_as_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
 return true;
 }
@@ -232,7 +232,7 @@ refine connection KRB_Conn += {
 if ( ! krb_tgs_response )
 return false;
- BifEvent::enqueue_krb_tgs_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
+ zeek::BifEvent::enqueue_krb_tgs_response(bro_analyzer(), bro_analyzer()->Conn(), make_arg());
 return true;
 }
@@ -248,7 +248,7 @@ refine connection KRB_Conn += {
 proc_error_arguments(rv.get(), ${msg.args1}, 0);
 rv->Assign(4, asn1_integer_to_val(${msg.error_code}, TYPE_COUNT));
 proc_error_arguments(rv.get(), ${msg.args2}, binary_to_int64(${msg.error_code.encoding.content}));
- BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
+ zeek::BifEvent::enqueue_krb_error(bro_analyzer(), bro_analyzer()->Conn(), std::move(rv));
 }
 return true;
 %}
@@ -268,7 +268,7 @@ refine connection KRB_Conn += {
 if ( authenticationinfo )
 rvticket->Assign(5, authenticationinfo);
- BifEvent::enqueue_krb_ap_request(bro_analyzer(), bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_krb_ap_request(bro_analyzer(), bro_analyzer()->Conn(),
 std::move(rvticket), std::move(rv));
 }
 return true;
@@ -279,7 +279,7 @@ refine connection KRB_Conn += {
 bro_analyzer()->ProtocolConfirmation();
 if ( krb_ap_response )
 {
- BifEvent::enqueue_krb_ap_response(bro_analyzer(), bro_analyzer()->Conn());
+ zeek::BifEvent::enqueue_krb_ap_response(bro_analyzer(), bro_analyzer()->Conn());
 }
 return true;
 %}
@@ -337,7 +337,7 @@ refine connection KRB_Conn += {
 break;
 }
 }
- BifEvent::enqueue_krb_safe(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, std::move(rv));
+ zeek::BifEvent::enqueue_krb_safe(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig}, std::move(rv));
 }
 return true;
 %}
@@ -347,7 +347,7 @@ refine connection KRB_Conn += {
 bro_analyzer()->ProtocolConfirmation();
 if ( krb_priv )
 {
- BifEvent::enqueue_krb_priv(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig});
+ zeek::BifEvent::enqueue_krb_priv(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig});
 }
 return true;
 %}
@@ -357,7 +357,7 @@ refine connection KRB_Conn += {
 bro_analyzer()->ProtocolConfirmation();
 if ( krb_cred )
 {
- BifEvent::enqueue_krb_cred(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig},
+ zeek::BifEvent::enqueue_krb_cred(bro_analyzer(), bro_analyzer()->Conn(), ${msg.is_orig},
 proc_tickets(${msg.tickets}));
 }
 return true;
diff --git a/src/analyzer/protocol/modbus/modbus-analyzer.pac b/src/analyzer/protocol/modbus/modbus-analyzer.pac
index 52e9d41838..9d5de6a705 100644
--- a/src/analyzer/protocol/modbus/modbus-analyzer.pac
+++ b/src/analyzer/protocol/modbus/modbus-analyzer.pac
@@ -88,7 +88,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_message )
 {
- BifEvent::enqueue_modbus_message(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_message(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 is_orig());
@@ -117,7 +117,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_exception )
 {
- BifEvent::enqueue_modbus_exception(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_exception(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 ${message.code});
@@ -131,7 +131,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_read_coils_request )
 {
- BifEvent::enqueue_modbus_read_coils_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_coils_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 ${message.start_address},
@@ -146,7 +146,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_read_coils_response )
 {
- BifEvent::enqueue_modbus_read_coils_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_coils_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 bytestring_to_coils(${message.bits}, ${message.bits}.length()*8));
@@ -159,7 +159,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_read_discrete_inputs_request )
 {
- BifEvent::enqueue_modbus_read_discrete_inputs_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_discrete_inputs_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 ${message.start_address}, ${message.quantity});
@@ -173,7 +173,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_read_discrete_inputs_response )
 {
- BifEvent::enqueue_modbus_read_discrete_inputs_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_discrete_inputs_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 bytestring_to_coils(${message.bits}, ${message.bits}.length()*8));
@@ -188,7 +188,7 @@ refine flow ModbusTCP_Flow += {
 %{
 if ( ::modbus_read_holding_registers_request )
 {
- BifEvent::enqueue_modbus_read_holding_registers_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_holding_registers_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 ${message.start_address}, ${message.quantity});
@@ -217,7 +217,7 @@ refine flow ModbusTCP_Flow += {
 t->Assign(i, r);
 }
- BifEvent::enqueue_modbus_read_holding_registers_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_holding_registers_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 HeaderToVal(header),
 std::move(t));
@@ -232,7 +232,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_read_input_registers_request ) {
- BifEvent::enqueue_modbus_read_input_registers_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_input_registers_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address}, ${message.quantity});
@@ -261,7 +261,7 @@ refine flow ModbusTCP_Flow += { t->Assign(i, r); }
- BifEvent::enqueue_modbus_read_input_registers_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_input_registers_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), std::move(t));
@@ -288,7 +288,7 @@ refine flow ModbusTCP_Flow += { return false; }
- BifEvent::enqueue_modbus_write_single_coil_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_single_coil_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address},
@@ -315,7 +315,7 @@ refine flow ModbusTCP_Flow += { return false; }
- BifEvent::enqueue_modbus_write_single_coil_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_single_coil_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address},
@@ -331,7 +331,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_write_single_register_request ) {
- BifEvent::enqueue_modbus_write_single_register_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_single_register_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address}, ${message.value});
@@ -345,7 +345,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_write_single_register_response ) {
- BifEvent::enqueue_modbus_write_single_register_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_single_register_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address}, ${message.value});
@@ -360,7 +360,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_write_multiple_coils_request ) {
- BifEvent::enqueue_modbus_write_multiple_coils_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_multiple_coils_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address},
@@ -375,7 +375,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_write_multiple_coils_response ) {
- BifEvent::enqueue_modbus_write_multiple_coils_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_multiple_coils_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address}, ${message.quantity});
@@ -405,7 +405,7 @@ refine flow ModbusTCP_Flow += { t->Assign(i, r); }
- BifEvent::enqueue_modbus_write_multiple_registers_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_multiple_registers_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address}, std::move(t));
@@ -419,7 +419,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_write_multiple_registers_response ) {
- BifEvent::enqueue_modbus_write_multiple_registers_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_multiple_registers_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address}, ${message.quantity});
@@ -447,7 +447,7 @@ refine flow ModbusTCP_Flow += { // t->Assign(i, l); // }
- BifEvent::enqueue_modbus_read_file_record_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_file_record_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header)); }
@@ -468,7 +468,7 @@ refine flow ModbusTCP_Flow += { // t->Assign(i, r); // }
- BifEvent::enqueue_modbus_read_file_record_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_file_record_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header)); }
@@ -500,7 +500,7 @@ refine flow ModbusTCP_Flow += { // } // }
- BifEvent::enqueue_modbus_write_file_record_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_file_record_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header)); }
@@ -532,7 +532,7 @@ refine flow ModbusTCP_Flow += { // t->Assign(i, k); // }
- BifEvent::enqueue_modbus_write_file_record_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_write_file_record_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header)); }
@@ -545,7 +545,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_mask_write_register_request ) {
- BifEvent::enqueue_modbus_mask_write_register_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_mask_write_register_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address},
@@ -560,7 +560,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_mask_write_register_response ) {
- BifEvent::enqueue_modbus_mask_write_register_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_mask_write_register_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.address},
@@ -590,7 +590,7 @@ refine flow ModbusTCP_Flow += { t->Assign(i, r); }
- BifEvent::enqueue_modbus_read_write_multiple_registers_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_write_multiple_registers_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.read_start_address},
@@ -622,7 +622,7 @@ refine flow ModbusTCP_Flow += { t->Assign(i, r); }
- BifEvent::enqueue_modbus_read_write_multiple_registers_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_write_multiple_registers_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), std::move(t));
@@ -636,7 +636,7 @@ refine flow ModbusTCP_Flow += { %{ if ( ::modbus_read_fifo_queue_request ) {
- BifEvent::enqueue_modbus_read_fifo_queue_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_fifo_queue_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), ${message.start_address});
@@ -666,7 +666,7 @@ refine flow ModbusTCP_Flow += { t->Assign(i, r); }
- BifEvent::enqueue_modbus_read_fifo_queue_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_modbus_read_fifo_queue_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), HeaderToVal(header), std::move(t));
diff --git a/src/analyzer/protocol/mqtt/commands/connack.pac b/src/analyzer/protocol/mqtt/commands/connack.pac
index 98ac7c4122..c2954efa8a 100644
--- a/src/analyzer/protocol/mqtt/commands/connack.pac
+++ b/src/analyzer/protocol/mqtt/commands/connack.pac
@@ -18,7 +18,7 @@ refine flow MQTT_Flow += { auto m = make_intrusive(zeek::BifType::Record::MQTT::ConnectAckMsg); m->Assign(0, val_mgr->Count(${msg.return_code})); m->Assign(1, val_mgr->Bool(${msg.session_present}));
- BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_connack(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(m)); }
diff --git a/src/analyzer/protocol/mqtt/commands/connect.pac b/src/analyzer/protocol/mqtt/commands/connect.pac
index 4c4f5374a3..407313cc8a 100644
--- a/src/analyzer/protocol/mqtt/commands/connect.pac
+++ b/src/analyzer/protocol/mqtt/commands/connect.pac
@@ -75,7 +75,7 @@ refine flow MQTT_Flow += { reinterpret_cast(${msg.pass.str}.begin()))); }
- BifEvent::enqueue_mqtt_connect(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_connect(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(m)); }
diff --git a/src/analyzer/protocol/mqtt/commands/disconnect.pac b/src/analyzer/protocol/mqtt/commands/disconnect.pac
index d9f49e20c6..8a3050a3a9 100644
--- a/src/analyzer/protocol/mqtt/commands/disconnect.pac
+++ b/src/analyzer/protocol/mqtt/commands/disconnect.pac
@@ -11,7 +11,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_disconnect ) {
- BifEvent::enqueue_mqtt_disconnect(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_disconnect(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn()); }
diff --git a/src/analyzer/protocol/mqtt/commands/pingreq.pac b/src/analyzer/protocol/mqtt/commands/pingreq.pac
index 2c436f0091..3aad0b854d 100644
--- a/src/analyzer/protocol/mqtt/commands/pingreq.pac
+++ b/src/analyzer/protocol/mqtt/commands/pingreq.pac
@@ -11,7 +11,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_pingreq ) {
- BifEvent::enqueue_mqtt_pingreq(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_pingreq(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn()); }
diff --git a/src/analyzer/protocol/mqtt/commands/pingresp.pac b/src/analyzer/protocol/mqtt/commands/pingresp.pac
index a4295775a5..dc0cb227ba 100644
--- a/src/analyzer/protocol/mqtt/commands/pingresp.pac
+++ b/src/analyzer/protocol/mqtt/commands/pingresp.pac
@@ -11,7 +11,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_pingresp ) {
- BifEvent::enqueue_mqtt_pingresp(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_pingresp(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn()); }
diff --git a/src/analyzer/protocol/mqtt/commands/puback.pac b/src/analyzer/protocol/mqtt/commands/puback.pac
index b8a6ef57fe..1a3e6454fe 100644
--- a/src/analyzer/protocol/mqtt/commands/puback.pac
+++ b/src/analyzer/protocol/mqtt/commands/puback.pac
@@ -13,7 +13,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_puback ) {
- BifEvent::enqueue_mqtt_puback(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_puback(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), is_orig, ${msg.msg_id});
diff --git a/src/analyzer/protocol/mqtt/commands/pubcomp.pac b/src/analyzer/protocol/mqtt/commands/pubcomp.pac
index f1cf1657a0..28e5650efe 100644
--- a/src/analyzer/protocol/mqtt/commands/pubcomp.pac
+++ b/src/analyzer/protocol/mqtt/commands/pubcomp.pac
@@ -13,7 +13,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_pubcomp ) {
- BifEvent::enqueue_mqtt_pubcomp(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_pubcomp(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), is_orig, ${msg.msg_id});
diff --git a/src/analyzer/protocol/mqtt/commands/publish.pac b/src/analyzer/protocol/mqtt/commands/publish.pac
index ecb1d3e380..ea8e60198e 100644
--- a/src/analyzer/protocol/mqtt/commands/publish.pac
+++ b/src/analyzer/protocol/mqtt/commands/publish.pac
@@ -42,7 +42,7 @@ refine flow MQTT_Flow += { m->Assign(5, val_mgr->Count(${msg.payload}.length()));
- BifEvent::enqueue_mqtt_publish(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_publish(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${pdu.is_orig}, ${msg.qos} == 0 ? 0 : ${msg.msg_id},
diff --git a/src/analyzer/protocol/mqtt/commands/pubrec.pac b/src/analyzer/protocol/mqtt/commands/pubrec.pac
index 84724db804..7aa128ad3c 100644
--- a/src/analyzer/protocol/mqtt/commands/pubrec.pac
+++ b/src/analyzer/protocol/mqtt/commands/pubrec.pac
@@ -13,7 +13,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_pubrec ) {
- BifEvent::enqueue_mqtt_pubrec(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_pubrec(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), is_orig, ${msg.msg_id});
diff --git a/src/analyzer/protocol/mqtt/commands/pubrel.pac b/src/analyzer/protocol/mqtt/commands/pubrel.pac
index 0f329eb3dd..1c11d61289 100644
--- a/src/analyzer/protocol/mqtt/commands/pubrel.pac
+++ b/src/analyzer/protocol/mqtt/commands/pubrel.pac
@@ -13,7 +13,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_pubrel ) {
- BifEvent::enqueue_mqtt_pubrel(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_pubrel(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), is_orig, ${msg.msg_id});
diff --git a/src/analyzer/protocol/mqtt/commands/suback.pac b/src/analyzer/protocol/mqtt/commands/suback.pac
index 1f0adf5e32..79f4d09a05 100644
--- a/src/analyzer/protocol/mqtt/commands/suback.pac
+++ b/src/analyzer/protocol/mqtt/commands/suback.pac
@@ -14,7 +14,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_suback ) {
- BifEvent::enqueue_mqtt_suback(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_suback(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.msg_id}, ${msg.granted_QoS});
diff --git a/src/analyzer/protocol/mqtt/commands/subscribe.pac b/src/analyzer/protocol/mqtt/commands/subscribe.pac
index a6d9b01dd8..75015bffc7 100644
--- a/src/analyzer/protocol/mqtt/commands/subscribe.pac
+++ b/src/analyzer/protocol/mqtt/commands/subscribe.pac
@@ -31,7 +31,7 @@ refine flow MQTT_Flow += { qos_levels->Assign(qos_levels->Size(), qos); }
- BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_subscribe(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.msg_id}, std::move(topics),
diff --git a/src/analyzer/protocol/mqtt/commands/unsuback.pac b/src/analyzer/protocol/mqtt/commands/unsuback.pac
index 3c368188a3..168d55e1bd 100644
--- a/src/analyzer/protocol/mqtt/commands/unsuback.pac
+++ b/src/analyzer/protocol/mqtt/commands/unsuback.pac
@@ -13,7 +13,7 @@ refine flow MQTT_Flow += { %{ if ( mqtt_unsuback ) {
- BifEvent::enqueue_mqtt_unsuback(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_unsuback(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.msg_id}); }
diff --git a/src/analyzer/protocol/mqtt/commands/unsubscribe.pac b/src/analyzer/protocol/mqtt/commands/unsubscribe.pac
index 15342aef85..45f68f8d8b 100644
--- a/src/analyzer/protocol/mqtt/commands/unsubscribe.pac
+++ b/src/analyzer/protocol/mqtt/commands/unsubscribe.pac
@@ -23,7 +23,7 @@ refine flow MQTT_Flow += { topics->Assign(topics->Size(), unsubscribe_topic); }
- BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mqtt_unsubscribe(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.msg_id}, std::move(topics));
diff --git a/src/analyzer/protocol/mysql/mysql-analyzer.pac b/src/analyzer/protocol/mysql/mysql-analyzer.pac
index 3e5ef0afd6..8c94ecdec6 100644
--- a/src/analyzer/protocol/mysql/mysql-analyzer.pac
+++ b/src/analyzer/protocol/mysql/mysql-analyzer.pac
@@ -6,11 +6,11 @@ refine flow MySQL_Flow += { if ( mysql_server_version ) { if ( ${msg.version} == 10 )
- BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), make_intrusive(c_str(${msg.handshake10.server_version}))); if ( ${msg.version} == 9 )
- BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_server_version(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), make_intrusive(c_str(${msg.handshake9.server_version}))); }
@@ -25,11 +25,11 @@ refine flow MySQL_Flow += { if ( mysql_handshake ) { if ( ${msg.version} == 10 )
- BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), make_intrusive(c_str(${msg.v10_response.username}))); if ( ${msg.version} == 9 )
- BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_handshake(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), make_intrusive(c_str(${msg.v9_response.username}))); }
@@ -39,7 +39,7 @@ refine flow MySQL_Flow += { function proc_mysql_command_request_packet(msg: Command_Request_Packet): bool %{ if ( mysql_command_request )
- BifEvent::enqueue_mysql_command_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_command_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.command}, to_stringval(${msg.arg}));
@@ -49,7 +49,7 @@ refine flow MySQL_Flow += { function proc_err_packet(msg: ERR_Packet): bool %{ if ( mysql_error )
- BifEvent::enqueue_mysql_error(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_error(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.code}, to_stringval(${msg.msg}));
@@ -59,7 +59,7 @@ refine flow MySQL_Flow += { function proc_ok_packet(msg: OK_Packet): bool %{ if ( mysql_ok )
- BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${msg.rows}); return true;
@@ -71,7 +71,7 @@ refine flow MySQL_Flow += { { // This is a bit fake... if ( mysql_ok )
- BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_ok(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), 0); }
@@ -98,7 +98,7 @@ refine flow MySQL_Flow += { vv->Assign(vv->Size(), make_intrusive(bstring.length(), ptr)); }
- BifEvent::enqueue_mysql_result_row(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_mysql_result_row(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(vv));
diff --git a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac
index 50d52c5a7d..c95e90982d 100644
--- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac
+++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac
@@ -122,7 +122,7 @@ refine connection NTLM_Conn += { if ( ${val}->has_version() ) result->Assign(3, build_version_record(${val.version}));
- BifEvent::enqueue_ntlm_negotiate(bro_analyzer(),
+ zeek::BifEvent::enqueue_ntlm_negotiate(bro_analyzer(),
 bro_analyzer()->Conn(), std::move(result));
@@ -146,7 +146,7 @@ refine connection NTLM_Conn += { if ( ${val}->has_target_info() ) result->Assign(3, build_av_record(${val.target_info}, ${val.target_info_fields.length}));
- BifEvent::enqueue_ntlm_challenge(bro_analyzer(),
+ zeek::BifEvent::enqueue_ntlm_challenge(bro_analyzer(),
 bro_analyzer()->Conn(), std::move(result));
@@ -176,7 +176,7 @@ refine connection NTLM_Conn += { if ( ${val}->has_version() ) result->Assign(5, build_version_record(${val.version}));
- BifEvent::enqueue_ntlm_authenticate(bro_analyzer(),
+ zeek::BifEvent::enqueue_ntlm_authenticate(bro_analyzer(),
 bro_analyzer()->Conn(), std::move(result)); return true;
diff --git a/src/analyzer/protocol/ntp/ntp-analyzer.pac b/src/analyzer/protocol/ntp/ntp-analyzer.pac
index 10e92a33a1..35e776c3a9 100644
--- a/src/analyzer/protocol/ntp/ntp-analyzer.pac
+++ b/src/analyzer/protocol/ntp/ntp-analyzer.pac
@@ -147,7 +147,7 @@ refine flow NTP_Flow += { else if ( ${msg.mode} == 7 ) rv->Assign(4, BuildNTPMode7Msg(${msg.mode7}));
- BifEvent::enqueue_ntp_message(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_ntp_message(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), is_orig(), std::move(rv)); return true;
diff --git a/src/analyzer/protocol/radius/radius-analyzer.pac b/src/analyzer/protocol/radius/radius-analyzer.pac
index 337b7a6364..4bb6d006b4 100644
--- a/src/analyzer/protocol/radius/radius-analyzer.pac
+++ b/src/analyzer/protocol/radius/radius-analyzer.pac
@@ -41,7 +41,7 @@ refine flow RADIUS_Flow += { result->Assign(3, attributes); }
- BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result));
+ zeek::BifEvent::enqueue_radius_message(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), std::move(result));
 return true; %}
@@ -50,7 +50,7 @@ refine flow RADIUS_Flow += { if ( ! radius_attribute ) return false;
- BifEvent::enqueue_radius_attribute(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_radius_attribute(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
 ${attr.code}, to_stringval(${attr.value})); return true; %}
diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc
index 1509064221..0d1f77a70d 100644
--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@@ -75,7 +75,7 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) else { if ( rdp_native_encrypted_data )
- BifEvent::enqueue_rdp_native_encrypted_data(
+ zeek::BifEvent::enqueue_rdp_native_encrypted_data(
 interp->bro_analyzer(), interp->bro_analyzer()->Conn(), orig, len); }
diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac
index 2e2de63afc..51faabee3c 100644
--- a/src/analyzer/protocol/rdp/rdp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@@ -9,7 +9,7 @@ refine flow RDP_Flow += { %{ if ( rdp_connect_request ) {
- BifEvent::enqueue_rdp_connect_request(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_connect_request(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), to_stringval(${cr.cookie_value})); }
@@ -21,7 +21,7 @@ refine flow RDP_Flow += { %{ if ( rdp_negotiation_response ) {
- BifEvent::enqueue_rdp_negotiation_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_negotiation_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${nr.selected_protocol}); }
@@ -33,7 +33,7 @@ refine flow RDP_Flow += { %{ if ( rdp_negotiation_failure ) {
- BifEvent::enqueue_rdp_negotiation_failure(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_negotiation_failure(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${nf.failure_code}); }
@@ -47,7 +47,7 @@ refine flow RDP_Flow += { connection()->bro_analyzer()->ProtocolConfirmation(); if ( rdp_gcc_server_create_response )
- BifEvent::enqueue_rdp_gcc_server_create_response(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_gcc_server_create_response(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${gcc_response.result});
@@ -94,7 +94,7 @@ refine flow RDP_Flow += { ccd->Assign(18, std::move(ec_flags)); ccd->Assign(19, utf16_to_utf8_val(connection()->bro_analyzer()->Conn(), ${ccore.dig_product_id}));
- BifEvent::enqueue_rdp_client_core_data(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_client_core_data(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(ccd)); }
@@ -111,7 +111,7 @@ refine flow RDP_Flow += { csd->Assign(0, val_mgr->Count(${csec.encryption_methods})); csd->Assign(1, val_mgr->Count(${csec.ext_encryption_methods}));
- BifEvent::enqueue_rdp_client_security_data(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_client_security_data(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(csd)); return true;
@@ -148,7 +148,7 @@ refine flow RDP_Flow += { channels->Assign(channels->Size(), std::move(channel_def)); }
- BifEvent::enqueue_rdp_client_network_data(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_client_network_data(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(channels)); }
@@ -169,7 +169,7 @@ refine flow RDP_Flow += { ccld->Assign(4, val_mgr->Bool(${ccluster.REDIRECTED_SESSIONID_FIELD_VALID})); ccld->Assign(5, val_mgr->Bool(${ccluster.REDIRECTED_SMARTCARD}));
- BifEvent::enqueue_rdp_client_cluster_data(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_client_cluster_data(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), std::move(ccld)); return true;
@@ -180,7 +180,7 @@ refine flow RDP_Flow += { connection()->bro_analyzer()->ProtocolConfirmation(); if ( rdp_server_security )
- BifEvent::enqueue_rdp_server_security(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_server_security(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${ssd.encryption_method}, ${ssd.encryption_level});
@@ -192,7 +192,7 @@ refine flow RDP_Flow += { %{ if ( rdp_server_certificate ) {
- BifEvent::enqueue_rdp_server_certificate(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_server_certificate(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), ${cert.cert_type}, ${cert.permanently_issued});
diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac
index 4d7ac79df2..ca88d90284 100644
--- a/src/analyzer/protocol/rdp/rdp-protocol.pac
+++ b/src/analyzer/protocol/rdp/rdp-protocol.pac
@@ -383,7 +383,7 @@ refine connection RDP_Conn += { if ( rdp_begin_encryption ) {
- BifEvent::enqueue_rdp_begin_encryption(bro_analyzer(),
+ zeek::BifEvent::enqueue_rdp_begin_encryption(bro_analyzer(),
 bro_analyzer()->Conn(), ${method}); }
diff --git a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
index a5744b637c..9e2730ba60 100644
--- a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
@@ -45,7 +45,7 @@ refine connection RDPEUDP_Conn += { orig_lossy_ = true; if ( rdpeudp_syn )
- BifEvent::enqueue_rdpeudp_syn(bro_analyzer(), bro_analyzer()->Conn());
+ zeek::BifEvent::enqueue_rdpeudp_syn(bro_analyzer(), bro_analyzer()->Conn());
 state_ = NEED_SYNACK; return true;
@@ -60,7 +60,7 @@ refine connection RDPEUDP_Conn += { return false; if ( rdpeudp_synack )
- BifEvent::enqueue_rdpeudp_synack(bro_analyzer(), bro_analyzer()->Conn());
+ zeek::BifEvent::enqueue_rdpeudp_synack(bro_analyzer(), bro_analyzer()->Conn());
 bro_analyzer()->ProtocolConfirmation(); state_ = NEED_ACK;
@@ -79,11 +79,11 @@ refine connection RDPEUDP_Conn += { state_ = ESTABLISHED; if ( rdpeudp_established )
- BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 1);
+ zeek::BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 1);
 } if ( state_ == ESTABLISHED && rdpeudp_data )
- BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
+ zeek::BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
 bro_analyzer()->Conn(), is_orig, 1,
@@ -102,13 +102,13 @@ refine connection RDPEUDP_Conn += { if ( state_ == NEED_ACK ) { if ( rdpeudp_established )
- BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 2);
+ zeek::BifEvent::enqueue_rdpeudp_established(bro_analyzer(), bro_analyzer()->Conn(), 2);
 state_ = ESTABLISHED; } if ( state_ == ESTABLISHED && rdpeudp_data )
- BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
+ zeek::BifEvent::enqueue_rdpeudp_data(bro_analyzer(),
 bro_analyzer()->Conn(), is_orig, 2,
diff --git a/src/analyzer/protocol/rfb/rfb-analyzer.pac b/src/analyzer/protocol/rfb/rfb-analyzer.pac
index 80f6c2c58b..b3e99e1af2 100644
--- a/src/analyzer/protocol/rfb/rfb-analyzer.pac
+++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac
@@ -4,7 +4,7 @@ refine flow RFB_Flow += { if ( client ) { if ( rfb_client_version )
- BifEvent::enqueue_rfb_client_version(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rfb_client_version(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), to_stringval(major), to_stringval(minor));
@@ -14,7 +14,7 @@ refine flow RFB_Flow += { else { if ( rfb_server_version )
- BifEvent::enqueue_rfb_server_version(connection()->bro_analyzer(),
+ zeek::BifEvent::enqueue_rfb_server_version(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(), to_stringval(major), to_stringval(minor));
@@ -26,21 +26,21 @@ refine flow RFB_Flow += { function proc_rfb_share_flag(shared: bool) : bool %{ if ( rfb_share_flag )
- BifEvent::enqueue_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared);
+ zeek::BifEvent::enqueue_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared);
 return true; %} function proc_security_types(msg: RFBSecurityType) : bool %{ if ( rfb_authentication_type )
- BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype});
+ zeek::BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype});
 return true; %} function proc_security_types37(msg: RFBAuthTypeSelected) : bool %{ if ( rfb_authentication_type )
- BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type});
+ zeek::BifEvent::enqueue_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type});
 return true; %}
@@ -50,7 +50,7 @@ refine flow RFB_Flow += { { auto vec_ptr = ${msg.name}; auto name_ptr = &((*vec_ptr)[0]);
- BifEvent::enqueue_rfb_server_parameters(
+ zeek::BifEvent::enqueue_rfb_server_parameters(
 connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), make_intrusive(${msg.name}->size(), (const char*)name_ptr), ${msg.width},
@@ -62,7 +62,7 @@ refine flow RFB_Flow += { function proc_handle_security_result(result : uint32) : bool %{ if ( rfb_auth_result )
- BifEvent::enqueue_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result);
+ zeek::BifEvent::enqueue_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result);
 return true; %} };
diff --git a/src/analyzer/protocol/sip/sip-analyzer.pac b/src/analyzer/protocol/sip/sip-analyzer.pac
index 0b37a5c385..39b465ab7a 100644
--- a/src/analyzer/protocol/sip/sip-analyzer.pac
+++ b/src/analyzer/protocol/sip/sip-analyzer.pac
@@ -20,7 +20,7 @@ refine flow SIP_Flow += { %{ if ( sip_request ) {
- BifEvent::enqueue_sip_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_sip_request(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
 to_stringval(method), to_stringval(uri), to_stringval(${vers.vers_str})); }
@@ -35,7 +35,7 @@ refine flow SIP_Flow += { connection()->bro_analyzer()->ProtocolConfirmation(); if ( sip_reply ) {
- BifEvent::enqueue_sip_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_sip_reply(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
 to_stringval(${vers.vers_str}), code, to_stringval(reason)); }
@@ -53,7 +53,7 @@ refine flow SIP_Flow += { { auto nameval = to_stringval(name); nameval->ToUpper();
- BifEvent::enqueue_sip_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_sip_header(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
 is_orig(), std::move(nameval), to_stringval(value)); }
@@ -83,7 +83,7 @@ refine flow SIP_Flow += { %{ if ( sip_all_headers ) {
- BifEvent::enqueue_sip_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
+ zeek::BifEvent::enqueue_sip_all_headers(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(),
 is_orig(), {AdoptRef{}, build_sip_headers_val()}); }
@@ -127,7 +127,7 @@ refine flow SIP_Flow += { %{ if ( sip_begin_entity ) {
- BifEvent::enqueue_sip_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
+ zeek::BifEvent::enqueue_sip_begin_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig());
 } %}
@@ -135,7 +135,7 @@ refine flow SIP_Flow += { %{ if ( sip_end_entity ) { - BifEvent::enqueue_sip_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); + zeek::BifEvent::enqueue_sip_end_entity(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig()); } return true; diff --git a/src/analyzer/protocol/smb/smb1-com-check-directory.pac b/src/analyzer/protocol/smb/smb1-com-check-directory.pac index 8643192a59..3c7747fc7b 100644 --- a/src/analyzer/protocol/smb/smb1-com-check-directory.pac +++ b/src/analyzer/protocol/smb/smb1-com-check-directory.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_check_directory_request(header: SMB_Header, val: SMB1_check_directory_request): bool %{ if ( smb1_check_directory_request ) - BifEvent::enqueue_smb1_check_directory_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_check_directory_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.directory_name})); @@ -13,7 +13,7 @@ refine connection SMB_Conn += { function proc_smb1_check_directory_response(header: SMB_Header, val: SMB1_check_directory_response): bool %{ if ( smb1_check_directory_response ) - BifEvent::enqueue_smb1_check_directory_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_check_directory_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header)); return true; diff --git a/src/analyzer/protocol/smb/smb1-com-close.pac b/src/analyzer/protocol/smb/smb1-com-close.pac index f07fce3820..8e85de4685 100644 --- a/src/analyzer/protocol/smb/smb1-com-close.pac +++ b/src/analyzer/protocol/smb/smb1-com-close.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_close_request(h: SMB_Header, val: SMB1_close_request): bool %{ if ( smb1_close_request ) - BifEvent::enqueue_smb1_close_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_close_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), ${val.file_id}); 
diff --git a/src/analyzer/protocol/smb/smb1-com-create-directory.pac b/src/analyzer/protocol/smb/smb1-com-create-directory.pac index adc84619a8..af9b9f4897 100644 --- a/src/analyzer/protocol/smb/smb1-com-create-directory.pac +++ b/src/analyzer/protocol/smb/smb1-com-create-directory.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_create_directory_request(header: SMB_Header, val: SMB1_create_directory_request): bool %{ if ( smb1_create_directory_request ) - BifEvent::enqueue_smb1_create_directory_request(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb1_create_directory_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.directory_name})); return true; @@ -11,7 +11,7 @@ refine connection SMB_Conn += { function proc_smb1_create_directory_response(header: SMB_Header, val: SMB1_create_directory_response): bool %{ if ( smb1_create_directory_response ) - BifEvent::enqueue_smb1_create_directory_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_create_directory_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header)); return true; diff --git a/src/analyzer/protocol/smb/smb1-com-echo.pac b/src/analyzer/protocol/smb/smb1-com-echo.pac index c8a8f9eb0c..33fb977748 100644 --- a/src/analyzer/protocol/smb/smb1-com-echo.pac +++ b/src/analyzer/protocol/smb/smb1-com-echo.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_echo_request(header: SMB_Header, val: SMB1_echo_request): bool %{ if ( smb1_echo_request ) - BifEvent::enqueue_smb1_echo_request(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb1_echo_request(bro_analyzer(), bro_analyzer()->Conn(), ${val.echo_count}, to_stringval(${val.data})); return true; %} 
@@ -11,7 +11,7 @@ refine connection SMB_Conn += { function proc_smb1_echo_response(header: SMB_Header, val: SMB1_echo_response): bool %{ if ( smb1_echo_response ) - BifEvent::enqueue_smb1_echo_response(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb1_echo_response(bro_analyzer(), bro_analyzer()->Conn(), ${val.seq_num}, to_stringval(${val.data})); return true; %} diff --git a/src/analyzer/protocol/smb/smb1-com-logoff-andx.pac b/src/analyzer/protocol/smb/smb1-com-logoff-andx.pac index 878d549022..7efc8993ca 100644 --- a/src/analyzer/protocol/smb/smb1-com-logoff-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-logoff-andx.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_logoff_andx(header: SMB_Header, val: SMB1_logoff_andx): bool %{ if ( smb1_logoff_andx ) - BifEvent::enqueue_smb1_logoff_andx(bro_analyzer(), bro_analyzer()->Conn(), ${val.is_orig}); + zeek::BifEvent::enqueue_smb1_logoff_andx(bro_analyzer(), bro_analyzer()->Conn(), ${val.is_orig}); return true; %} diff --git a/src/analyzer/protocol/smb/smb1-com-negotiate.pac b/src/analyzer/protocol/smb/smb1-com-negotiate.pac index 8240848111..1a6ef0c3bd 100644 --- a/src/analyzer/protocol/smb/smb1-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb1-com-negotiate.pac @@ -23,7 +23,7 @@ refine connection SMB_Conn += { dialects->Assign(i, std::move(dia)); } - BifEvent::enqueue_smb1_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb1_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(dialects)); } @@ -135,7 +135,7 @@ refine connection SMB_Conn += { } break; } - BifEvent::enqueue_smb1_negotiate_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_negotiate_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(response)); diff --git a/src/analyzer/protocol/smb/smb1-com-nt-cancel.pac b/src/analyzer/protocol/smb/smb1-com-nt-cancel.pac index 17da194d01..185c49b6b5 100644 
--- a/src/analyzer/protocol/smb/smb1-com-nt-cancel.pac +++ b/src/analyzer/protocol/smb/smb1-com-nt-cancel.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_nt_cancel_request(header: SMB_Header, val: SMB1_nt_cancel_request): bool %{ if ( smb1_nt_cancel_request ) - BifEvent::enqueue_smb1_nt_cancel_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_nt_cancel_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header)); return true; diff --git a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac index f07f9774e2..c7c0ba745e 100644 --- a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac @@ -9,13 +9,13 @@ refine connection SMB_Conn += { set_tree_is_pipe(${header.tid}); if ( smb_pipe_connect_heuristic ) - BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), + zeek::BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), bro_analyzer()->Conn()); } if ( smb1_nt_create_andx_request ) { - BifEvent::enqueue_smb1_nt_create_andx_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_nt_create_andx_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(filename)); @@ -28,7 +28,7 @@ refine connection SMB_Conn += { %{ if ( smb1_nt_create_andx_response ) { - BifEvent::enqueue_smb1_nt_create_andx_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_nt_create_andx_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.file_id}, diff --git a/src/analyzer/protocol/smb/smb1-com-query-information.pac b/src/analyzer/protocol/smb/smb1-com-query-information.pac index fd458222f1..a5dc03366b 100644 --- a/src/analyzer/protocol/smb/smb1-com-query-information.pac +++ b/src/analyzer/protocol/smb/smb1-com-query-information.pac 
@@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_query_information_request(header: SMB_Header, val: SMB1_query_information_request): bool %{ if ( smb1_query_information_request ) - BifEvent::enqueue_smb1_query_information_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_query_information_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.filename})); diff --git a/src/analyzer/protocol/smb/smb1-com-read-andx.pac b/src/analyzer/protocol/smb/smb1-com-read-andx.pac index a90518b604..79317a3450 100644 --- a/src/analyzer/protocol/smb/smb1-com-read-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-read-andx.pac @@ -9,7 +9,7 @@ refine connection SMB_Conn += { function proc_smb1_read_andx_request(h: SMB_Header, val: SMB1_read_andx_request): bool %{ if ( smb1_read_andx_request ) - BifEvent::enqueue_smb1_read_andx_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_read_andx_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), ${val.file_id}, @@ -23,7 +23,7 @@ refine connection SMB_Conn += { function proc_smb1_read_andx_response(h: SMB_Header, val: SMB1_read_andx_response): bool %{ if ( smb1_read_andx_response ) - BifEvent::enqueue_smb1_read_andx_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_read_andx_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), ${val.data_len}); diff --git a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac index f5d2628e26..ddc2c6ce3e 100644 --- a/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac @@ -78,7 +78,7 @@ refine connection SMB_Conn += { break; } - BifEvent::enqueue_smb1_session_setup_andx_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_session_setup_andx_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(request)); 
@@ -112,7 +112,7 @@ refine connection SMB_Conn += { break; } - BifEvent::enqueue_smb1_session_setup_andx_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_session_setup_andx_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(response)); diff --git a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac index a065d6ac9d..321e1f9183 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction-secondary.pac @@ -45,7 +45,7 @@ refine connection SMB_Conn += { payload_str = val_mgr->EmptyString(); } - BifEvent::enqueue_smb1_transaction_secondary_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_transaction_secondary_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(args), diff --git a/src/analyzer/protocol/smb/smb1-com-transaction.pac b/src/analyzer/protocol/smb/smb1-com-transaction.pac index 1ffc80209f..221f8c5549 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction.pac @@ -62,7 +62,7 @@ refine connection SMB_Conn += { else payload_str = val_mgr->EmptyString(); - BifEvent::enqueue_smb1_transaction_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_transaction_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.name}), @@ -87,7 +87,7 @@ refine connection SMB_Conn += { else payload_str = val_mgr->EmptyString(); - BifEvent::enqueue_smb1_transaction_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_transaction_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(parameters), diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac index 3ecd1f65c8..a3a65c8367 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac 
+++ b/src/analyzer/protocol/smb/smb1-com-transaction2-secondary.pac @@ -19,7 +19,7 @@ refine connection SMB_Conn += { auto parameters = make_intrusive(${val.parameters}.length(), (const char*)${val.parameters}.data()); auto payload = make_intrusive(${val.data}.length(), (const char*)${val.data}.data()); - BifEvent::enqueue_smb1_transaction2_secondary_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_transaction2_secondary_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(args), diff --git a/src/analyzer/protocol/smb/smb1-com-transaction2.pac b/src/analyzer/protocol/smb/smb1-com-transaction2.pac index 491d06d06c..b13865d989 100644 --- a/src/analyzer/protocol/smb/smb1-com-transaction2.pac +++ b/src/analyzer/protocol/smb/smb1-com-transaction2.pac @@ -38,7 +38,7 @@ refine connection SMB_Conn += { args->Assign(10, val_mgr->Count(${val.data_offset})); args->Assign(11, val_mgr->Count(${val.setup_count})); - BifEvent::enqueue_smb1_transaction2_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_transaction2_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(args), @@ -51,7 +51,7 @@ refine connection SMB_Conn += { function proc_smb1_transaction2_response(header: SMB_Header, val: SMB1_transaction2_response): bool %{ //if ( smb1_transaction2_response ) - // BifEvent::enqueue_smb1_transaction2_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.sub_cmd}); + // zeek::BifEvent::enqueue_smb1_transaction2_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.sub_cmd}); return true; %} 
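Review bot: The `@@ -51,7 +51,7 @@` hunk edits a call that is commented out, so the new `zeek::BifEvent::enqueue_smb1_transaction2_response` spelling is never compiled and can drift from the real API unnoticed. `proc_smb1_transaction2_response` still only executes `return true;`, so no event is raised for this message. Either delete the two dead lines or keep them under a comment that says why the event is disabled, for example `// NOTE: smb1_transaction2_response is intentionally not raised here: <reason>`.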
@@ -138,7 +138,7 @@ refine connection SMB_Conn += { result->Assign(3, val_mgr->Count(${val.info_level})); result->Assign(4, val_mgr->Count(${val.search_storage_type})); result->Assign(5, smb_string2stringval(${val.file_name})); - BifEvent::enqueue_smb1_trans2_find_first2_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_trans2_find_first2_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(result)); @@ -217,7 +217,7 @@ refine connection SMB_Conn += { %{ if ( smb1_trans2_query_path_info_request ) { - BifEvent::enqueue_smb1_trans2_query_path_info_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_trans2_query_path_info_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.file_name})); @@ -322,7 +322,7 @@ refine connection SMB_Conn += { %{ if ( smb1_trans2_get_dfs_referral_request ) { - BifEvent::enqueue_smb1_trans2_get_dfs_referral_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_trans2_get_dfs_referral_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.file_name})); diff --git a/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac b/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac index a2c415e56c..914aef838b 100644 --- a/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-tree-connect-andx.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_tree_connect_andx_request(header: SMB_Header, val: SMB1_tree_connect_andx_request): bool %{ if ( smb1_tree_connect_andx_request ) - BifEvent::enqueue_smb1_tree_connect_andx_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_tree_connect_andx_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), smb_string2stringval(${val.path}), 
@@ -20,7 +20,7 @@ refine connection SMB_Conn += { set_tree_is_pipe(${header.tid}); if ( smb1_tree_connect_andx_response ) - BifEvent::enqueue_smb1_tree_connect_andx_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_tree_connect_andx_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), std::move(service_string), diff --git a/src/analyzer/protocol/smb/smb1-com-tree-disconnect.pac b/src/analyzer/protocol/smb/smb1-com-tree-disconnect.pac index b0178b65aa..7a23729181 100644 --- a/src/analyzer/protocol/smb/smb1-com-tree-disconnect.pac +++ b/src/analyzer/protocol/smb/smb1-com-tree-disconnect.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_tree_disconnect(header: SMB_Header, val: SMB1_tree_disconnect): bool %{ if ( smb1_tree_disconnect ) - BifEvent::enqueue_smb1_tree_disconnect(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_tree_disconnect(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header), ${val.is_orig}); diff --git a/src/analyzer/protocol/smb/smb1-com-write-andx.pac b/src/analyzer/protocol/smb/smb1-com-write-andx.pac index b2fd8d9381..8831d730df 100644 --- a/src/analyzer/protocol/smb/smb1-com-write-andx.pac +++ b/src/analyzer/protocol/smb/smb1-com-write-andx.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb1_write_andx_request(h: SMB_Header, val: SMB1_write_andx_request): bool %{ if ( smb1_write_andx_request ) - BifEvent::enqueue_smb1_write_andx_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_write_andx_request(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), ${val.file_id}, @@ -24,7 +24,7 @@ refine connection SMB_Conn += { function proc_smb1_write_andx_response(h: SMB_Header, val: SMB1_write_andx_response): bool %{ if ( smb1_write_andx_response ) - BifEvent::enqueue_smb1_write_andx_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_write_andx_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), ${val.written_bytes}); 
diff --git a/src/analyzer/protocol/smb/smb1-protocol.pac b/src/analyzer/protocol/smb/smb1-protocol.pac index bafb427f5f..63e6d87e87 100644 --- a/src/analyzer/protocol/smb/smb1-protocol.pac +++ b/src/analyzer/protocol/smb/smb1-protocol.pac @@ -43,7 +43,7 @@ refine connection SMB_Conn += { %{ if ( smb1_message ) { - BifEvent::enqueue_smb1_message(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb1_message(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), is_orig); } @@ -54,7 +54,7 @@ refine connection SMB_Conn += { %{ if ( smb1_empty_response ) { - BifEvent::enqueue_smb1_empty_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_empty_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(header)); } @@ -67,7 +67,7 @@ refine connection SMB_Conn += { { if ( smb1_empty_response ) { - BifEvent::enqueue_smb1_empty_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_empty_response(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h)); } @@ -75,7 +75,7 @@ refine connection SMB_Conn += { else { if ( smb1_error ) - BifEvent::enqueue_smb1_error(bro_analyzer(), + zeek::BifEvent::enqueue_smb1_error(bro_analyzer(), bro_analyzer()->Conn(), SMBHeaderVal(h), is_orig); } diff --git a/src/analyzer/protocol/smb/smb2-com-close.pac b/src/analyzer/protocol/smb/smb2-com-close.pac index be049dd5d2..db6b24b9b4 100644 --- a/src/analyzer/protocol/smb/smb2-com-close.pac +++ b/src/analyzer/protocol/smb/smb2-com-close.pac @@ -4,7 +4,7 @@ refine connection SMB_Conn += { %{ if ( smb2_close_request ) { - BifEvent::enqueue_smb2_close_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_close_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), BuildSMB2GUID(${val.file_id})); 
@@ -30,7 +30,7 @@ refine connection SMB_Conn += { ${val.change_time})); resp->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs})); - BifEvent::enqueue_smb2_close_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_close_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(resp)); diff --git a/src/analyzer/protocol/smb/smb2-com-create.pac b/src/analyzer/protocol/smb/smb2-com-create.pac index ff60931c9d..ac9feb22f0 100644 --- a/src/analyzer/protocol/smb/smb2-com-create.pac +++ b/src/analyzer/protocol/smb/smb2-com-create.pac @@ -10,7 +10,7 @@ refine connection SMB_Conn += { set_tree_is_pipe(${h.tree_id}); if ( smb_pipe_connect_heuristic ) - BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), + zeek::BifEvent::enqueue_smb_pipe_connect_heuristic(bro_analyzer(), bro_analyzer()->Conn()); } @@ -20,7 +20,7 @@ refine connection SMB_Conn += { requestinfo->Assign(0, std::move(filename)); requestinfo->Assign(1, val_mgr->Count(${val.disposition})); requestinfo->Assign(2, val_mgr->Count(${val.create_options})); - BifEvent::enqueue_smb2_create_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_create_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(requestinfo)); @@ -42,7 +42,7 @@ refine connection SMB_Conn += { ${val.change_time})); responseinfo->Assign(3, smb2_file_attrs_to_bro(${val.file_attrs})); responseinfo->Assign(4, val_mgr->Count(${val.create_action})); - BifEvent::enqueue_smb2_create_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_create_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(responseinfo)); diff --git a/src/analyzer/protocol/smb/smb2-com-negotiate.pac b/src/analyzer/protocol/smb/smb2-com-negotiate.pac index 024f25b76f..cc639088f2 100644 --- a/src/analyzer/protocol/smb/smb2-com-negotiate.pac +++ b/src/analyzer/protocol/smb/smb2-com-negotiate.pac 
@@ -27,7 +27,7 @@ refine connection SMB_Conn += { for ( unsigned int i = 0; i < ${val.dialects}->size(); ++i ) dialects->Assign(i, val_mgr->Count((*${val.dialects})[i])); - BifEvent::enqueue_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb2_negotiate_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(dialects)); } @@ -60,7 +60,7 @@ refine connection SMB_Conn += { nr->Assign(6, std::move(cv)); - BifEvent::enqueue_smb2_negotiate_response(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb2_negotiate_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(nr)); } diff --git a/src/analyzer/protocol/smb/smb2-com-read.pac b/src/analyzer/protocol/smb/smb2-com-read.pac index a3b01e4f5f..07eafcbabc 100644 --- a/src/analyzer/protocol/smb/smb2-com-read.pac +++ b/src/analyzer/protocol/smb/smb2-com-read.pac @@ -26,7 +26,7 @@ refine connection SMB_Conn += { %{ if ( smb2_read_request ) { - BifEvent::enqueue_smb2_read_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_read_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), BuildSMB2GUID(${val.file_id}), diff --git a/src/analyzer/protocol/smb/smb2-com-session-setup.pac b/src/analyzer/protocol/smb/smb2-com-session-setup.pac index edd380790e..5b4b5f27e8 100644 --- a/src/analyzer/protocol/smb/smb2-com-session-setup.pac +++ b/src/analyzer/protocol/smb/smb2-com-session-setup.pac @@ -7,7 +7,7 @@ refine connection SMB_Conn += { auto req = make_intrusive(zeek::BifType::Record::SMB2::SessionSetupRequest); req->Assign(0, val_mgr->Count(${val.security_mode})); - BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_session_setup_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(req)); 
@@ -28,7 +28,7 @@ refine connection SMB_Conn += { auto resp = make_intrusive(zeek::BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, std::move(flags)); - BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_session_setup_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), std::move(resp)); diff --git a/src/analyzer/protocol/smb/smb2-com-set-info.pac b/src/analyzer/protocol/smb/smb2-com-set-info.pac index daee89cb70..a1c13e61b6 100644 --- a/src/analyzer/protocol/smb/smb2-com-set-info.pac +++ b/src/analyzer/protocol/smb/smb2-com-set-info.pac @@ -28,7 +28,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file(val: SMB2_file_basic_info): bool %{ if ( smb2_file_sattr ) - BifEvent::enqueue_smb2_file_sattr(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_sattr(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -44,7 +44,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_rename(val: SMB2_file_rename_info): bool %{ if ( smb2_file_rename ) - BifEvent::enqueue_smb2_file_rename(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_rename(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -56,7 +56,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_delete(val: SMB2_file_disposition_info): bool %{ if ( smb2_file_delete ) - BifEvent::enqueue_smb2_file_delete(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_delete(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), 
@@ -68,7 +68,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_allocation(val: SMB2_file_allocation_info): bool %{ if ( smb2_file_allocation ) - BifEvent::enqueue_smb2_file_allocation(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_allocation(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -80,7 +80,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_endoffile(val: SMB2_file_endoffile_info): bool %{ if ( smb2_file_endoffile ) - BifEvent::enqueue_smb2_file_endoffile(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_endoffile(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -104,7 +104,7 @@ refine connection SMB_Conn += { eas->Assign(i, std::move(r)); } - BifEvent::enqueue_smb2_file_fullea(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_fullea(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -117,7 +117,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_link(val: SMB2_file_link_info): bool %{ if ( smb2_file_link ) - BifEvent::enqueue_smb2_file_link(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_link(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -130,7 +130,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_mode(val: SMB2_file_mode_info): bool %{ if ( smb2_file_mode ) - BifEvent::enqueue_smb2_file_mode(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_mode(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), 
@@ -142,7 +142,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_pipe(val: SMB2_file_pipe_info): bool %{ if ( smb2_file_pipe ) - BifEvent::enqueue_smb2_file_pipe(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_pipe(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -155,7 +155,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_position(val: SMB2_file_position_info): bool %{ if ( smb2_file_position ) - BifEvent::enqueue_smb2_file_position(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_position(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -167,7 +167,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_shortname(val: SMB2_file_shortname_info): bool %{ if ( smb2_file_shortname ) - BifEvent::enqueue_smb2_file_shortname(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_shortname(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -179,7 +179,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_validdatalength(val: SMB2_file_validdatalength_info): bool %{ if ( smb2_file_validdatalength ) - BifEvent::enqueue_smb2_file_validdatalength(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_validdatalength(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), @@ -200,7 +200,7 @@ refine connection SMB_Conn += { r->Assign(4, val_mgr->Count(${val.default_quota_limit})); r->Assign(5, val_mgr->Count(${val.file_system_control_flags})); - BifEvent::enqueue_smb2_file_fscontrol(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_fscontrol(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), 
@@ -213,7 +213,7 @@ refine connection SMB_Conn += { function proc_smb2_set_info_request_file_fsobjectid(val: SMB2_file_fsobjectid_info): bool %{ if ( smb2_file_fsobjectid ) - BifEvent::enqueue_smb2_file_fsobjectid(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_file_fsobjectid(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(${val.sir.header}), BuildSMB2GUID(${val.sir.file_id}), diff --git a/src/analyzer/protocol/smb/smb2-com-transform-header.pac b/src/analyzer/protocol/smb/smb2-com-transform-header.pac index fb546afe1d..a261f58d42 100644 --- a/src/analyzer/protocol/smb/smb2-com-transform-header.pac +++ b/src/analyzer/protocol/smb/smb2-com-transform-header.pac @@ -11,7 +11,7 @@ refine connection SMB_Conn += { r->Assign(3, val_mgr->Count(${hdr.flags})); r->Assign(4, val_mgr->Count(${hdr.session_id})); - BifEvent::enqueue_smb2_transform_header(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_transform_header(bro_analyzer(), bro_analyzer()->Conn(), std::move(r)); } diff --git a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac index 7ad9516a7f..63de3c1ccb 100644 --- a/src/analyzer/protocol/smb/smb2-com-tree-connect.pac +++ b/src/analyzer/protocol/smb/smb2-com-tree-connect.pac @@ -3,7 +3,7 @@ refine connection SMB_Conn += { function proc_smb2_tree_connect_request(header: SMB2_Header, val: SMB2_tree_connect_request): bool %{ if ( smb2_tree_connect_request ) - BifEvent::enqueue_smb2_tree_connect_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_tree_connect_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(header), smb2_string2stringval(${val.path})); 
@@ -21,7 +21,7 @@ refine connection SMB_Conn += { auto resp = make_intrusive(zeek::BifType::Record::SMB2::TreeConnectResponse); resp->Assign(0, val_mgr->Count(${val.share_type})); - BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_tree_connect_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(header), std::move(resp)); diff --git a/src/analyzer/protocol/smb/smb2-com-tree-disconnect.pac b/src/analyzer/protocol/smb/smb2-com-tree-disconnect.pac index f98523e94a..ebfe3cf367 100644 --- a/src/analyzer/protocol/smb/smb2-com-tree-disconnect.pac +++ b/src/analyzer/protocol/smb/smb2-com-tree-disconnect.pac @@ -7,7 +7,7 @@ refine connection SMB_Conn += { if ( smb2_tree_disconnect_request ) { - BifEvent::enqueue_smb2_tree_disconnect_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_tree_disconnect_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(header)); } @@ -19,7 +19,7 @@ refine connection SMB_Conn += { %{ if ( smb2_tree_disconnect_response ) { - BifEvent::enqueue_smb2_tree_disconnect_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_tree_disconnect_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(header)); } diff --git a/src/analyzer/protocol/smb/smb2-com-write.pac b/src/analyzer/protocol/smb/smb2-com-write.pac index 773dcd8bcc..91cbd1988d 100644 --- a/src/analyzer/protocol/smb/smb2-com-write.pac +++ b/src/analyzer/protocol/smb/smb2-com-write.pac @@ -4,7 +4,7 @@ refine connection SMB_Conn += { %{ if ( smb2_write_request ) { - BifEvent::enqueue_smb2_write_request(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_write_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), BuildSMB2GUID(${val.file_id}), 
@@ -27,7 +27,7 @@ refine connection SMB_Conn += { if ( smb2_write_response ) { - BifEvent::enqueue_smb2_write_response(bro_analyzer(), + zeek::BifEvent::enqueue_smb2_write_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), ${val.write_count}); diff --git a/src/analyzer/protocol/smb/smb2-protocol.pac b/src/analyzer/protocol/smb/smb2-protocol.pac index 13ec2c4062..3df04b354d 100644 --- a/src/analyzer/protocol/smb/smb2-protocol.pac +++ b/src/analyzer/protocol/smb/smb2-protocol.pac @@ -250,7 +250,7 @@ refine connection SMB_Conn += { if ( smb2_message ) { - BifEvent::enqueue_smb2_message(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_smb2_message(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), is_orig); } return true; diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index a8c5b07b52..504a525440 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -209,7 +209,7 @@ refine connection SNMP_Conn += { if ( ! snmp_get_request ) return false; - BifEvent::enqueue_snmp_get_request(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_get_request(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -222,7 +222,7 @@ refine connection SNMP_Conn += { if ( ! snmp_get_next_request ) return false; - BifEvent::enqueue_snmp_get_next_request(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_get_next_request(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -235,7 +235,7 @@ refine connection SNMP_Conn += { if ( ! snmp_response ) return false; - BifEvent::enqueue_snmp_response(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_response(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), 
@@ -248,7 +248,7 @@ refine connection SNMP_Conn += { if ( ! snmp_set_request ) return false; - BifEvent::enqueue_snmp_set_request(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_set_request(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -261,7 +261,7 @@ refine connection SNMP_Conn += { if ( ! snmp_trap ) return false; - BifEvent::enqueue_snmp_trap(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_trap(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -274,7 +274,7 @@ refine connection SNMP_Conn += { if ( ! snmp_get_bulk_request ) return false; - BifEvent::enqueue_snmp_get_bulk_request(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_get_bulk_request(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -287,7 +287,7 @@ refine connection SNMP_Conn += { if ( ! snmp_inform_request ) return false; - BifEvent::enqueue_snmp_inform_request(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_inform_request(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -300,7 +300,7 @@ refine connection SNMP_Conn += { if ( ! snmp_trapV2 ) return false; - BifEvent::enqueue_snmp_trapV2(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_trapV2(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -313,7 +313,7 @@ refine connection SNMP_Conn += { if ( ! snmp_report ) return false; - BifEvent::enqueue_snmp_report(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_report(bro_analyzer(), bro_analyzer()->Conn(), ${pdu.header.is_orig}, build_hdr(${pdu.header}), @@ -326,7 +326,7 @@ refine connection SNMP_Conn += { if ( ! snmp_unknown_header_version ) return false; - BifEvent::enqueue_snmp_unknown_header_version(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_unknown_header_version(bro_analyzer(), bro_analyzer()->Conn(), ${rec.header.is_orig}, ${rec.header.version}); 
@@ -338,7 +338,7 @@ refine connection SNMP_Conn += { if ( ! snmp_unknown_pdu ) return false; - BifEvent::enqueue_snmp_unknown_pdu(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_unknown_pdu(bro_analyzer(), bro_analyzer()->Conn(), ${rec.header.is_orig}, build_hdr(${rec.header}), @@ -351,7 +351,7 @@ refine connection SNMP_Conn += { if ( ! snmp_unknown_scoped_pdu ) return false; - BifEvent::enqueue_snmp_unknown_scoped_pdu(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_unknown_scoped_pdu(bro_analyzer(), bro_analyzer()->Conn(), ${rec.header.is_orig}, build_hdr(${rec.header}), @@ -364,7 +364,7 @@ refine connection SNMP_Conn += { if ( ! snmp_encrypted_pdu ) return false; - BifEvent::enqueue_snmp_encrypted_pdu(bro_analyzer(), + zeek::BifEvent::enqueue_snmp_encrypted_pdu(bro_analyzer(), bro_analyzer()->Conn(), ${rec.header.is_orig}, build_hdr(${rec.header})); diff --git a/src/analyzer/protocol/socks/socks-analyzer.pac b/src/analyzer/protocol/socks/socks-analyzer.pac index e880f22bdc..b347e42263 100644 --- a/src/analyzer/protocol/socks/socks-analyzer.pac +++ b/src/analyzer/protocol/socks/socks-analyzer.pac @@ -31,7 +31,7 @@ refine connection SOCKS_Conn += { if ( ${request.v4a} ) sa->Assign(1, array_to_string(${request.name})); - BifEvent::enqueue_socks_request(bro_analyzer(), + zeek::BifEvent::enqueue_socks_request(bro_analyzer(), bro_analyzer()->Conn(), 4, ${request.command}, @@ -53,7 +53,7 @@ refine connection SOCKS_Conn += { auto sa = make_intrusive(socks_address); sa->Assign(0, make_intrusive(htonl(${reply.addr}))); - BifEvent::enqueue_socks_reply(bro_analyzer(), + zeek::BifEvent::enqueue_socks_reply(bro_analyzer(), bro_analyzer()->Conn(), 4, ${reply.status}, @@ -107,7 +107,7 @@ refine connection SOCKS_Conn += { } if ( socks_request ) - BifEvent::enqueue_socks_request(bro_analyzer(), + zeek::BifEvent::enqueue_socks_request(bro_analyzer(), bro_analyzer()->Conn(), 5, ${request.command}, 
@@ -147,7 +147,7 @@ refine connection SOCKS_Conn += { } if ( socks_reply ) - BifEvent::enqueue_socks_reply(bro_analyzer(), + zeek::BifEvent::enqueue_socks_reply(bro_analyzer(), bro_analyzer()->Conn(), 5, ${reply.reply}, @@ -167,7 +167,7 @@ refine connection SOCKS_Conn += { auto user = make_intrusive(${request.username}.length(), (const char*) ${request.username}.begin()); auto pass = make_intrusive(${request.password}.length(), (const char*) ${request.password}.begin()); - BifEvent::enqueue_socks_login_userpass_request(bro_analyzer(), + zeek::BifEvent::enqueue_socks_login_userpass_request(bro_analyzer(), bro_analyzer()->Conn(), std::move(user), std::move(pass)); return true; @@ -188,7 +188,7 @@ refine connection SOCKS_Conn += { function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool %{ if ( socks_login_userpass_reply ) - BifEvent::enqueue_socks_login_userpass_reply(bro_analyzer(), + zeek::BifEvent::enqueue_socks_login_userpass_reply(bro_analyzer(), bro_analyzer()->Conn(), ${reply.code}); return true; diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index f39d125bff..c43a4ce1fc 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -91,7 +91,7 @@ void SSH_Analyzer::Undelivered(uint64_t seq, int len, bool orig) void SSH_Analyzer::ProcessEncryptedSegment(int len, bool orig) { if ( ssh_encrypted_packet ) - BifEvent::enqueue_ssh_encrypted_packet(interp->bro_analyzer(), + zeek::BifEvent::enqueue_ssh_encrypted_packet(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), orig, len); 
@@ -132,9 +132,9 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) { auth_decision_made = true; if ( ssh_auth_attempted ) - BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); + zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); if ( ssh_auth_successful ) - BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); + zeek::BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); return; } @@ -159,7 +159,7 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) if ( len == userauth_failure_size ) { if ( ssh_auth_attempted ) - BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); + zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); return; } @@ -168,9 +168,9 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) { auth_decision_made = true; if ( ssh_auth_attempted ) - BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); + zeek::BifEvent::enqueue_ssh_auth_attempted(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); if ( ssh_auth_successful ) - BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); + zeek::BifEvent::enqueue_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); return; } } diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 0845e41efa..12fa79634c 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac 
@@ -52,13 +52,13 @@ refine flow SSH_Flow += { %{ if ( ssh_client_version && ${msg.is_orig } ) { - BifEvent::enqueue_ssh_client_version(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${msg.version})); } else if ( ssh_server_version ) { - BifEvent::enqueue_ssh_server_version(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${msg.version})); } @@ -103,7 +103,7 @@ refine flow SSH_Flow += { result->Assign(6, val_mgr->Bool(!${msg.is_orig})); - BifEvent::enqueue_ssh_capabilities(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${msg.cookie}), result); @@ -115,7 +115,7 @@ refine flow SSH_Flow += { %{ if ( ssh2_dh_server_params ) { - BifEvent::enqueue_ssh2_dh_server_params(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh2_dh_server_params(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${msg.p.val}), to_stringval(${msg.g.val})); } @@ -126,7 +126,7 @@ refine flow SSH_Flow += { %{ if ( ssh2_ecc_key ) { - BifEvent::enqueue_ssh2_ecc_key(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh2_ecc_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), is_orig, to_stringval(q)); } @@ -137,7 +137,7 @@ refine flow SSH_Flow += { %{ if ( ssh2_gss_error ) { - BifEvent::enqueue_ssh2_gss_error(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh2_gss_error(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.major_status}, ${msg.minor_status}, to_stringval(${msg.message.val})); 
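Review bot: In the `@@ -52,13 +52,13 @@` hunk of ssh-analyzer.pac, the `else if ( ssh_server_version )` branch does not test the message direction. When `ssh_client_version` has no handler, an originator-side version message falls through and is enqueued as `ssh_server_version`, so a client banner can be recorded as the server's software version. The guard should be `else if ( ssh_server_version && ! ${msg.is_orig} )`. The enclosing function starts and ends outside the hunk.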
@@ -149,7 +149,7 @@ refine flow SSH_Flow += { %{ if ( ssh2_server_host_key ) { - BifEvent::enqueue_ssh2_server_host_key(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh2_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${key})); } @@ -160,7 +160,7 @@ refine flow SSH_Flow += { %{ if ( ssh1_server_host_key ) { - BifEvent::enqueue_ssh1_server_host_key(connection()->bro_analyzer(), + zeek::BifEvent::enqueue_ssh1_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), to_stringval(${p}), to_stringval(${e})); diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac index a1cfca8e59..c98b0772c6 100644 --- a/src/analyzer/protocol/ssl/proc-client-hello.pac +++ b/src/analyzer/protocol/ssl/proc-client-hello.pac @@ -42,7 +42,7 @@ } } - BifEvent::enqueue_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), version, record_version(), ts, make_intrusive(client_random.length(), (const char*) client_random.data()), diff --git a/src/analyzer/protocol/ssl/proc-server-hello.pac b/src/analyzer/protocol/ssl/proc-server-hello.pac index 843a83e15d..130ff1f9ca 100644 --- a/src/analyzer/protocol/ssl/proc-server-hello.pac +++ b/src/analyzer/protocol/ssl/proc-server-hello.pac @@ -25,7 +25,7 @@ if ( v2 == 0 && server_random.length() >= 4 ) ts = ntohl(*((uint32*)server_random.data())); - BifEvent::enqueue_ssl_server_hello(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_server_hello(bro_analyzer(), bro_analyzer()->Conn(), version, record_version(), ts, make_intrusive(server_random.length(), diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index 7d7a5a4419..3e2a4a2d6a 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac 
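Review bot: In the proc-server-hello.pac hunk (`@@ -25,7 +25,7 @@`), `ts = ntohl(*((uint32*)server_random.data()));` reads the first four bytes of the server random through a cast pointer. The `length() >= 4` check covers the size, but nothing visible guarantees 4-byte alignment of the buffer, and the cast is also questionable under strict-aliasing rules. Copying the bytes avoids both: `uint32 raw; memcpy(&raw, server_random.data(), sizeof(raw)); ts = ntohl(raw);`. The surrounding function starts and ends outside the hunk.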
@@ -18,7 +18,7 @@ refine connection SSL_Conn += { function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ if ( ssl_established ) - BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); + zeek::BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); return true; %} diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac index 256ed2d295..47d664ef99 100644 --- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac @@ -32,7 +32,7 @@ refine connection SSL_Conn += { function proc_alert(rec: SSLRecord, level : int, desc : int) : bool %{ if ( ssl_alert ) - BifEvent::enqueue_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, level, desc); return true; %} @@ -52,11 +52,11 @@ refine connection SSL_Conn += { { established_ = true; if ( ssl_established ) - BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); + zeek::BifEvent::enqueue_ssl_established(bro_analyzer(), bro_analyzer()->Conn()); } if ( ssl_encrypted_data ) - BifEvent::enqueue_ssl_encrypted_data(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_encrypted_data(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length}); return true; @@ -65,7 +65,7 @@ refine connection SSL_Conn += { function proc_plaintext_record(rec : SSLRecord) : bool %{ if ( ssl_plaintext_data ) - BifEvent::enqueue_ssl_plaintext_data(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_plaintext_data(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.raw_tls_version}, ${rec.content_type}, ${rec.length}); return true; 
@@ -74,7 +74,7 @@ refine connection SSL_Conn += { function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool %{ if ( ssl_heartbeat ) - BifEvent::enqueue_ssl_heartbeat(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_heartbeat(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, make_intrusive(data.length(), (const char*) data.data())); return true; @@ -96,7 +96,7 @@ refine connection SSL_Conn += { function proc_ccs(rec: SSLRecord) : bool %{ if ( ssl_change_cipher_spec ) - BifEvent::enqueue_ssl_change_cipher_spec(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_change_cipher_spec(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}); return true; diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index a08d94203b..6a8a97f7c8 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -34,7 +34,7 @@ refine connection Handshake_Conn += { %{ if ( ssl_session_ticket_handshake ) { - BifEvent::enqueue_ssl_session_ticket_handshake(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_session_ticket_handshake(bro_analyzer(), bro_analyzer()->Conn(), ${rec.ticket_lifetime_hint}, make_intrusive(${rec.data}.length(), (const char*) ${rec.data}.data())); @@ -64,7 +64,7 @@ refine connection Handshake_Conn += { const unsigned char* data = sourcedata.begin() + 4; if ( ssl_extension ) - BifEvent::enqueue_ssl_extension(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_extension(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, type, make_intrusive(length, reinterpret_cast(data))); return true; 
@@ -83,7 +83,7 @@ refine connection Handshake_Conn += { points->Assign(i, val_mgr->Count((*point_format_list)[i])); } - BifEvent::enqueue_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(points)); return true; @@ -102,7 +102,7 @@ refine connection Handshake_Conn += { curves->Assign(i, val_mgr->Count((*list)[i])); } - BifEvent::enqueue_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(curves)); return true; @@ -121,7 +121,7 @@ refine connection Handshake_Conn += { nglist->Assign(i, val_mgr->Count((*keyshare)[i]->namedgroup())); } - BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); + zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); return true; %} @@ -134,7 +134,7 @@ refine connection Handshake_Conn += { auto nglist = make_intrusive(zeek::id::index_vec); nglist->Assign(0u, val_mgr->Count(keyshare->namedgroup())); - BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); + zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); return true; %} @@ -146,7 +146,7 @@ refine connection Handshake_Conn += { auto nglist = make_intrusive(zeek::id::index_vec); nglist->Assign(0u, val_mgr->Count(namedgroup)); - BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); + zeek::BifEvent::enqueue_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(nglist)); return true; %} 
@@ -168,7 +168,7 @@ refine connection Handshake_Conn += { } } - BifEvent::enqueue_ssl_extension_signature_algorithm(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(slist)); + zeek::BifEvent::enqueue_ssl_extension_signature_algorithm(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(slist)); return true; %} @@ -186,7 +186,7 @@ refine connection Handshake_Conn += { plist->Assign(i, make_intrusive((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data())); } - BifEvent::enqueue_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(plist)); return true; @@ -215,7 +215,7 @@ refine connection Handshake_Conn += { } if ( ssl_extension_server_name ) - BifEvent::enqueue_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(servers)); return true; @@ -234,7 +234,7 @@ refine connection Handshake_Conn += { versions->Assign(i, val_mgr->Count((*versions_list)[i])); } - BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(versions)); return true; @@ -248,7 +248,7 @@ refine connection Handshake_Conn += { auto versions = make_intrusive(zeek::id::index_vec); versions->Assign(0u, val_mgr->Count(version)); - BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_supported_versions(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(versions)); return true; 
@@ -267,7 +267,7 @@ refine connection Handshake_Conn += { modes->Assign(i, val_mgr->Count((*mode_list)[i])); } - BifEvent::enqueue_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_psk_key_exchange_modes(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(modes)); return true; @@ -314,7 +314,7 @@ refine connection Handshake_Conn += { bro_analyzer()->Conn(), false, file_id, "application/ocsp-response"); if ( ssl_stapled_ocsp ) - BifEvent::enqueue_ssl_stapled_ocsp(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_stapled_ocsp(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, make_intrusive(response.length(), (const char*) response.data())); @@ -335,7 +335,7 @@ refine connection Handshake_Conn += { return true; if ( ssl_ecdh_server_params ) - BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, make_intrusive(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); @@ -356,7 +356,7 @@ refine connection Handshake_Conn += { ha->Assign(1, val_mgr->Count(256)); } - BifEvent::enqueue_ssl_server_signature(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(), bro_analyzer()->Conn(), std::move(ha), make_intrusive(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data())); @@ -371,7 +371,7 @@ refine connection Handshake_Conn += { return true; if ( ssl_ecdh_server_params ) - BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_ecdh_server_params(bro_analyzer(), bro_analyzer()->Conn(), ${kex.params.curve}, make_intrusive(${kex.params.point}.length(), (const char*)${kex.params.point}.data())); 
@@ -382,7 +382,7 @@ refine connection Handshake_Conn += { function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool %{ if ( ssl_rsa_client_pms ) - BifEvent::enqueue_ssl_rsa_client_pms(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), make_intrusive(rsa_pms.length(), (const char*)rsa_pms.data())); @@ -392,7 +392,7 @@ refine connection Handshake_Conn += { function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool %{ if ( ssl_dh_client_params ) - BifEvent::enqueue_ssl_dh_client_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), make_intrusive(Yc.length(), (const char*)Yc.data())); @@ -402,7 +402,7 @@ refine connection Handshake_Conn += { function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool %{ if ( ssl_ecdh_client_params ) - BifEvent::enqueue_ssl_ecdh_client_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), make_intrusive(point.length(), (const char*)point.data())); @@ -418,7 +418,7 @@ refine connection Handshake_Conn += { ha->Assign(0, val_mgr->Count(digitally_signed_algorithms->HashAlgorithm())); ha->Assign(1, val_mgr->Count(digitally_signed_algorithms->SignatureAlgorithm())); - BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_extension_signed_certificate_timestamp(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, version, make_intrusive(logid.length(), reinterpret_cast(logid.begin())), 
@@ -433,7 +433,7 @@ refine connection Handshake_Conn += { function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool %{ if ( ssl_ecdh_server_params ) - BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), bro_analyzer()->Conn(), make_intrusive(p.length(), (const char*) p.data()), make_intrusive(g.length(), (const char*) g.data()), @@ -456,7 +456,7 @@ refine connection Handshake_Conn += { ha->Assign(1, val_mgr->Count(256)); } - BifEvent::enqueue_ssl_server_signature(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_server_signature(bro_analyzer(), bro_analyzer()->Conn(), std::move(ha), make_intrusive(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data()) ); @@ -468,7 +468,7 @@ refine connection Handshake_Conn += { function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool %{ if ( ssl_dh_server_params ) - BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_dh_server_params(bro_analyzer(), bro_analyzer()->Conn(), make_intrusive(p.length(), (const char*) p.data()), make_intrusive(g.length(), (const char*) g.data()), @@ -481,7 +481,7 @@ refine connection Handshake_Conn += { function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool %{ if ( ssl_handshake_message ) - BifEvent::enqueue_ssl_handshake_message(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_handshake_message(bro_analyzer(), bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); return true; 
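Review bot: `proc_dhe_server_key_exchange` (hunk `@@ -433,7 +433,7 @@`) guards the call to `enqueue_ssl_dh_server_params` with `if ( ssl_ecdh_server_params )`, which is the handler of a different event. When only `ssl_dh_server_params` is handled, for example by a script that flags weak DH groups, the event is never raised for DHE key exchanges. The guard should read `if ( ssl_dh_server_params )`, as `proc_dh_anon_server_key_exchange` in the `@@ -468,7 +468,7 @@` hunk already does. The same mismatch appears in the `@@ -524,7 +524,7 @@` hunk, where `! ssl_extension_pre_shared_key_client_hello` gates `enqueue_ssl_extension_pre_shared_key_server_hello`; that check should test `ssl_extension_pre_shared_key_server_hello`. Both function bodies continue outside their hunks.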
@@ -513,7 +513,7 @@ refine connection Handshake_Conn += { blist->Assign(blist->Size(), make_intrusive(binder->binder().length(), (const char*) binder->binder().data())); } - BifEvent::enqueue_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(), + zeek::BifEvent::enqueue_ssl_extension_pre_shared_key_client_hello(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, std::move(slist), std::move(blist)); return true; @@ -524,7 +524,7 @@ refine connection Handshake_Conn += { if ( ! ssl_extension_pre_shared_key_client_hello ) return true; - BifEvent::enqueue_ssl_extension_pre_shared_key_server_hello(bro_analyzer(), + zeek::BifEvent::enqueue_ssl_extension_pre_shared_key_server_hello(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, selected_identity); return true; diff --git a/src/analyzer/protocol/syslog/syslog-analyzer.pac b/src/analyzer/protocol/syslog/syslog-analyzer.pac index 72acb78653..f464abf3b3 100644 --- a/src/analyzer/protocol/syslog/syslog-analyzer.pac +++ b/src/analyzer/protocol/syslog/syslog-analyzer.pac @@ -15,7 +15,7 @@ flow Syslog_Flow return true; if ( ${m.has_pri} ) - BifEvent::enqueue_syslog_message( + zeek::BifEvent::enqueue_syslog_message( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${m.PRI.facility}, @@ -23,7 +23,7 @@ flow Syslog_Flow make_intrusive(${m.msg}.length(), (const char*)${m.msg}.begin()) ); else - BifEvent::enqueue_syslog_message( + zeek::BifEvent::enqueue_syslog_message( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), 999, diff --git a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac index 6c06809098..62bcec8fc5 100644 --- a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac +++ b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac 
@@ -33,7 +33,7 @@ refine connection XMPP_Conn += { { bro_analyzer()->StartTLS(); if ( xmpp_starttls ) - BifEvent::enqueue_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); + zeek::BifEvent::enqueue_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); } else if ( !is_orig && token == "proceed" ) reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); diff --git a/testing/btest/plugins/protocol-plugin/src/foo-analyzer.pac b/testing/btest/plugins/protocol-plugin/src/foo-analyzer.pac index 1ef3650e84..0c1fdbfa1a 100644 --- a/testing/btest/plugins/protocol-plugin/src/foo-analyzer.pac +++ b/testing/btest/plugins/protocol-plugin/src/foo-analyzer.pac @@ -4,7 +4,7 @@ refine connection Foo_Conn += { function Foo_data(msg: Foo_Message): bool %{ auto data = make_intrusive(${msg.data}.length(), (const char*) ${msg.data}.data()); - BifEvent::enqueue_foo_message(bro_analyzer(), bro_analyzer()->Conn(), std::move(data)); + zeek::BifEvent::enqueue_foo_message(bro_analyzer(), bro_analyzer()->Conn(), std::move(data)); return true; %}