Add methods to queue events without handler existence check

Added ConnectionEventFast() and QueueEventFast() methods to avoid redundant event handler existence checks. It's common practice for caller to already check for event handler existence before doing all the work of constructing the arguments, so it's desirable to not have to check for existence again. E.g. going through ConnectionEvent() means 3 existence checks: one you do yourself before calling it, one in ConnectionEvent(), and then another in QueueEvent(). The existence check itself can be more than a few operations sometimes as it needs to check a few flags that determine if it's enabled, has a local body, or has any remote receivers in the old comm. system or has been flagged as something to publish in the new comm. system.
2025-10-02 14:48:21 +00:00 · 2019-04-11 20:23:49 -07:00 · 2019-04-11 20:23:49 -07:00 · b6862c5c59
commit b6862c5c59
parent 8bc65f09ec
72 changed files with 771 additions and 524 deletions
--- a/aux/bifcl
+++ b/aux/bifcl
@ -1 +1 @@
-Subproject commit 44622332fb1361383799be33e365704caacce199
+Subproject commit 33cde13264825df906668b608017e65f4ffbc12a
--- a/src/Anon.cc
+++ b/src/Anon.cc
@ -415,7 +415,7 @@ void log_anonymization_mapping(ipaddr32_t input, ipaddr32_t output)
 	{
 	if ( anonymization_mapping )
 		{
-		mgr.QueueEvent(anonymization_mapping, {
+		mgr.QueueEventFast(anonymization_mapping, {
 			new AddrVal(input),
 			new AddrVal(output)
 		});
--- a/src/Conn.cc
+++ b/src/Conn.cc
@ -325,7 +325,7 @@ void Connection::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig,
 		// and at this stage it's not a *multiple* instance.
 		return;
-	ConnectionEvent(e, 0, {
+	ConnectionEventFast(e, 0, {
 		BuildConnVal(),
 		val_mgr->GetBool(is_orig),
 		val_mgr->GetCount(threshold)
@ -389,7 +389,7 @@ void Connection::EnableStatusUpdateTimer()
 void Connection::StatusUpdateTimer(double t)
 	{
-	ConnectionEvent(connection_status_update, 0, { BuildConnVal() });
+	ConnectionEventFast(connection_status_update, 0, { BuildConnVal() });
 	ADD_TIMER(&Connection::StatusUpdateTimer,
 			network_time + connection_status_update_interval, 0,
 			TIMER_CONN_STATUS_UPDATE);
@ -627,7 +627,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len,
 		{
 		if ( software_parse_error )
 			{
-			ConnectionEvent(software_parse_error, analyzer, {
+			ConnectionEventFast(software_parse_error, analyzer, {
 				BuildConnVal(),
 				new AddrVal(addr),
 				new StringVal(len, s),
@ -638,7 +638,7 @@ int Connection::VersionFoundEvent(const IPAddr& addr, const char* s, int len,
 	if ( software_version_found )
 		{
-		ConnectionEvent(software_version_found, 0, {
+		ConnectionEventFast(software_version_found, 0, {
 			BuildConnVal(),
 			new AddrVal(addr),
 			val,
@ -666,7 +666,7 @@ int Connection::UnparsedVersionFoundEvent(const IPAddr& addr,
 	if ( software_unparsed_version_found )
 		{
-		ConnectionEvent(software_unparsed_version_found, analyzer, {
+		ConnectionEventFast(software_unparsed_version_found, analyzer, {
 			BuildConnVal(),
 			new AddrVal(addr),
 			new StringVal(len, full),
@ -682,9 +682,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, const ch
 		return;
 	if ( name )
-		ConnectionEvent(f, analyzer, {new StringVal(name), BuildConnVal()});
+		ConnectionEventFast(f, analyzer, {new StringVal(name), BuildConnVal()});
 	else
-		ConnectionEvent(f, analyzer, {BuildConnVal()});
+		ConnectionEventFast(f, analyzer, {BuildConnVal()});
 	}
@ -698,9 +698,9 @@ void Connection::Event(EventHandlerPtr f, analyzer::Analyzer* analyzer, Val* v1,
 		}
 	if ( v2 )
-		ConnectionEvent(f, analyzer, {BuildConnVal(), v1, v2});
+		ConnectionEventFast(f, analyzer, {BuildConnVal(), v1, v2});
 	else
-		ConnectionEvent(f, analyzer, {BuildConnVal(), v1});
+		ConnectionEventFast(f, analyzer, {BuildConnVal(), v1});
 	}
 void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl)
@ -720,6 +720,13 @@ void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_l
 			a ? a->GetID() : 0, GetTimerMgr(), this);
 	}
 void Connection::ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* a, val_list vl)
 	{
 	// "this" is passed as a cookie for the event
 	mgr.QueueEventFast(f, std::move(vl), SOURCE_LOCAL,
 			a ? a->GetID() : 0, GetTimerMgr(), this);
 	}
 void Connection::ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* a, val_list* vl)
 	{
 	ConnectionEvent(f, a, std::move(*vl));
@ -1053,7 +1060,7 @@ void Connection::CheckFlowLabel(bool is_orig, uint32 flow_label)
 		if ( connection_flow_label_changed &&
 		     (is_orig ? saw_first_orig_packet : saw_first_resp_packet) )
 			{
-			ConnectionEvent(connection_flow_label_changed, 0, {
+			ConnectionEventFast(connection_flow_label_changed, 0, {
 				BuildConnVal(),
 				val_mgr->GetBool(is_orig),
 				val_mgr->GetCount(my_flow_label),
--- a/src/Conn.h
+++ b/src/Conn.h
@ -181,6 +181,8 @@ public:
 				val_list* vl);
 	void ConnectionEvent(EventHandlerPtr f, analyzer::Analyzer* analyzer,
 				val_list vl);
 	void ConnectionEventFast(EventHandlerPtr f, analyzer::Analyzer* analyzer,
 				val_list vl);
 	void Weird(const char* name, const char* addl = "");
 	bool DidWeird() const	{ return weird != 0; }
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@ -704,7 +704,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm)
 	if ( ! e )
 		return;
-	mgr.QueueEvent(e, {BuildMappingVal(dm)});
+	mgr.QueueEventFast(e, {BuildMappingVal(dm)});
 	}
 void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2)
@ -715,7 +715,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* dm, ListVal* l1, ListVal* l2
 	Unref(l1);
 	Unref(l2);
-	mgr.QueueEvent(e, {
+	mgr.QueueEventFast(e, {
 		BuildMappingVal(dm),
 		l1->ConvertToSet(),
 		l2->ConvertToSet(),
@ -727,7 +727,7 @@ void DNS_Mgr::Event(EventHandlerPtr e, DNS_Mapping* old_dm, DNS_Mapping* new_dm)
 	if ( ! e )
 		return;
-	mgr.QueueEvent(e, {
+	mgr.QueueEventFast(e, {
 		BuildMappingVal(old_dm),
 		BuildMappingVal(new_dm),
 	});
--- a/src/Event.cc
+++ b/src/Event.cc
@ -128,7 +128,7 @@ void EventMgr::QueueEvent(Event* event)
 void EventMgr::Drain()
 	{
 	if ( event_queue_flush_point )
-		QueueEvent(event_queue_flush_point, val_list{});
+		QueueEventFast(event_queue_flush_point, val_list{});
 	SegmentProfiler(segment_logger, "draining-events");
--- a/src/Event.h
+++ b/src/Event.h
@ -58,6 +58,13 @@ public:
 	EventMgr();
 	~EventMgr() override;
 	void QueueEventFast(const EventHandlerPtr &h, val_list vl,
 			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
 			TimerMgr* mgr = 0, BroObj* obj = 0)
 		{
 		QueueEvent(new Event(h, std::move(vl), src, aid, mgr, obj));
 		}
 	void QueueEvent(const EventHandlerPtr &h, val_list vl,
 			SourceID src = SOURCE_LOCAL, analyzer::ID aid = 0,
 			TimerMgr* mgr = 0, BroObj* obj = 0)
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@ -506,9 +506,9 @@ void Reporter::DoLog(const char* prefix, EventHandlerPtr event, FILE* out,
 			}
 		if ( conn )
-			conn->ConnectionEvent(event, 0, std::move(vl));
+			conn->ConnectionEventFast(event, 0, std::move(vl));
 		else
-			mgr.QueueEvent(event, std::move(vl));
+			mgr.QueueEventFast(event, std::move(vl));
 		}
 	else
 		{
--- a/src/RuleAction.cc
+++ b/src/RuleAction.cc
@ -17,7 +17,7 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state,
 	{
 	if ( signature_match )
 		{
-		mgr.QueueEvent(signature_match, {
+		mgr.QueueEventFast(signature_match, {
 			rule_matcher->BuildRuleStateValue(parent, state),
 			new StringVal(msg),
 			data ? new StringVal(len, (const char*)data) : val_mgr->GetEmptyString(),
--- a/src/Sessions.cc
+++ b/src/Sessions.cc
@ -171,7 +171,7 @@ void NetSessions::NextPacket(double t, const Packet* pkt)
 	SegmentProfiler(segment_logger, "dispatching-packet");
 	if ( raw_packet )
-		mgr.QueueEvent(raw_packet, {pkt->BuildPktHdrVal()});
+		mgr.QueueEventFast(raw_packet, {pkt->BuildPktHdrVal()});
 	if ( pkt_profiler )
 		pkt_profiler->ProfilePkt(t, pkt->cap_len);
@ -411,7 +411,7 @@ void NetSessions::DoNextPacket(double t, const Packet* pkt, const IP_Hdr* ip_hdr
 		{
 		dump_this_packet = 1;
 		if ( esp_packet )
-			mgr.QueueEvent(esp_packet, {ip_hdr->BuildPktHdrVal()});
+			mgr.QueueEventFast(esp_packet, {ip_hdr->BuildPktHdrVal()});
 		// Can't do more since upper-layer payloads are going to be encrypted.
 		return;
@ -1315,9 +1315,9 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id,
 		{
 		conn->Event(new_connection, 0);
-		if ( external )
+		if ( external && connection_external )
 			{
-			conn->ConnectionEvent(connection_external, 0, {
+			conn->ConnectionEventFast(connection_external, 0, {
 				conn->BuildConnVal(),
 				new StringVal(conn->GetTimerMgr()->GetTag().c_str()),
 			});
--- a/src/StateAccess.cc
+++ b/src/StateAccess.cc
@ -536,7 +536,7 @@ void StateAccess::Replay()
 	if ( remote_state_access_performed )
 		{
-		mgr.QueueEvent(remote_state_access_performed, {
+		mgr.QueueEventFast(remote_state_access_performed, {
 			new StringVal(target.id->Name()),
 			target.id->ID_Val()->Ref(),
 		});
--- a/src/Stats.cc
+++ b/src/Stats.cc
@ -369,7 +369,8 @@ void SampleLogger::SegmentProfile(const char* /* name */,
 					const Location* /* loc */,
 					double dtime, int dmem)
 	{
-	mgr.QueueEvent(load_sample, {
+	if ( load_sample )
 		mgr.QueueEventFast(load_sample, {
 			load_samples->Ref(),
 			new IntervalVal(dtime, Seconds),
 			val_mgr->GetInt(dmem)
--- a/src/analyzer/Analyzer.cc
+++ b/src/analyzer/Analyzer.cc
@ -662,16 +662,19 @@ void Analyzer::ProtocolConfirmation(Tag arg_tag)
 	if ( protocol_confirmed )
 		return;
 	protocol_confirmed = true;
 	if ( ! protocol_confirmation )
 		return;
 	EnumVal* tval = arg_tag ? arg_tag.AsEnumVal() : tag.AsEnumVal();
 	Ref(tval);
-	mgr.QueueEvent(protocol_confirmation, {
+	mgr.QueueEventFast(protocol_confirmation, {
 		BuildConnVal(),
 		tval,
 		val_mgr->GetCount(id),
 	});
 	protocol_confirmed = true;
 	}
 void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
@ -689,10 +692,13 @@ void Analyzer::ProtocolViolation(const char* reason, const char* data, int len)
 	else
 		r = new StringVal(reason);
 	if ( ! protocol_violation )
 		return;
 	EnumVal* tval = tag.AsEnumVal();
 	Ref(tval);
-	mgr.QueueEvent(protocol_violation, {
+	mgr.QueueEventFast(protocol_violation, {
 		BuildConnVal(),
 		tval,
 		val_mgr->GetCount(id),
@ -787,6 +793,11 @@ void Analyzer::ConnectionEvent(EventHandlerPtr f, val_list vl)
 	conn->ConnectionEvent(f, this, std::move(vl));
 	}
 void Analyzer::ConnectionEventFast(EventHandlerPtr f, val_list vl)
 	{
 	conn->ConnectionEventFast(f, this, std::move(vl));
 	}
 void Analyzer::Weird(const char* name, const char* addl)
 	{
 	conn->Weird(name, addl);
--- a/src/analyzer/Analyzer.h
+++ b/src/analyzer/Analyzer.h
@ -547,6 +547,12 @@ public:
 	 */
 	void ConnectionEvent(EventHandlerPtr f, val_list vl);
 	/**
 	 * Convenience function that forwards directly to
 	 * Connection::ConnectionEventFast().
 	 */
 	void ConnectionEventFast(EventHandlerPtr f, val_list vl);
 	/**
 	 * Convenience function that forwards directly to the corresponding
 	 * Connection::Weird().
--- a/src/analyzer/protocol/arp/ARP.cc
+++ b/src/analyzer/protocol/arp/ARP.cc
@ -190,7 +190,7 @@ void ARP_Analyzer::BadARP(const struct arp_pkthdr* hdr, const char* msg)
 	if ( ! bad_arp )
 		return;
-	mgr.QueueEvent(bad_arp, {
+	mgr.QueueEventFast(bad_arp, {
 		ConstructAddrVal(ar_spa(hdr)),
 		EthAddrToStr((const u_char*) ar_sha(hdr)),
 		ConstructAddrVal(ar_tpa(hdr)),
@ -212,7 +212,7 @@ void ARP_Analyzer::RREvent(EventHandlerPtr e,
 	if ( ! e )
 		return;
-	mgr.QueueEvent(e, {
+	mgr.QueueEventFast(e, {
 		EthAddrToStr(src),
 		EthAddrToStr(dst),
 		ConstructAddrVal(spa),
--- a/src/analyzer/protocol/backdoor/BackDoor.cc
+++ b/src/analyzer/protocol/backdoor/BackDoor.cc
@ -246,7 +246,10 @@ void BackDoorEndpoint::RloginSignatureFound(int len)
 	rlogin_checking_done = 1;
-	endp->TCP()->ConnectionEvent(rlogin_signature_found, {
+	if ( ! rlogin_signature_found )
 		return;
 	endp->TCP()->ConnectionEventFast(rlogin_signature_found, {
 		endp->TCP()->BuildConnVal(),
 		val_mgr->GetBool(endp->IsOrig()),
 		val_mgr->GetCount(rlogin_num_null),
@ -337,7 +340,10 @@ void BackDoorEndpoint::CheckForTelnet(uint64 /* seq */, int len, const u_char* d
 void BackDoorEndpoint::TelnetSignatureFound(int len)
 	{
-	endp->TCP()->ConnectionEvent(telnet_signature_found, {
+	if ( ! telnet_signature_found )
 		return;
 	endp->TCP()->ConnectionEventFast(telnet_signature_found, {
 		endp->TCP()->BuildConnVal(),
 		val_mgr->GetBool(endp->IsOrig()),
 		val_mgr->GetCount(len),
@ -641,12 +647,15 @@ void BackDoorEndpoint::CheckForHTTPProxy(uint64 /* seq */, int len,
 void BackDoorEndpoint::SignatureFound(EventHandlerPtr e, int do_orig)
 	{
 	if ( ! e )
 		return;
 	if ( do_orig )
-		endp->TCP()->ConnectionEvent(e,
+		endp->TCP()->ConnectionEventFast(e,
 		    {endp->TCP()->BuildConnVal(), val_mgr->GetBool(endp->IsOrig())});
 	else
-		endp->TCP()->ConnectionEvent(e, {endp->TCP()->BuildConnVal()});
+		endp->TCP()->ConnectionEventFast(e, {endp->TCP()->BuildConnVal()});
 	}
@ -773,7 +782,10 @@ void BackDoor_Analyzer::StatTimer(double t, int is_expire)
 void BackDoor_Analyzer::StatEvent()
 	{
-	TCP()->ConnectionEvent(backdoor_stats, {
+	if ( ! backdoor_stats )
 		return;
 	TCP()->ConnectionEventFast(backdoor_stats, {
 		TCP()->BuildConnVal(),
 		orig_endp->BuildStats(),
 		resp_endp->BuildStats(),
@ -782,7 +794,10 @@ void BackDoor_Analyzer::StatEvent()
 void BackDoor_Analyzer::RemoveEvent()
 	{
-	TCP()->ConnectionEvent(backdoor_remove_conn, {TCP()->BuildConnVal()});
+	if ( ! backdoor_remove_conn )
 		return;
 	TCP()->ConnectionEventFast(backdoor_remove_conn, {TCP()->BuildConnVal()});
 	}
 BackDoorTimer::BackDoorTimer(double t, BackDoor_Analyzer* a)
--- a/src/analyzer/protocol/bittorrent/BitTorrent.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrent.cc
@ -120,7 +120,7 @@ void BitTorrent_Analyzer::DeliverWeird(const char* msg, bool orig)
 	{
 	if ( bittorrent_peer_weird )
 		{
-		ConnectionEvent(bittorrent_peer_weird, {
+		ConnectionEventFast(bittorrent_peer_weird, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(msg),
--- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
+++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
@ -247,7 +247,7 @@ void BitTorrentTracker_Analyzer::DeliverWeird(const char* msg, bool orig)
 	{
 	if ( bt_tracker_weird )
 		{
-		ConnectionEvent(bt_tracker_weird, {
+		ConnectionEventFast(bt_tracker_weird, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(msg),
@ -348,7 +348,8 @@ void BitTorrentTracker_Analyzer::EmitRequest(void)
 	{
 	ProtocolConfirmation();
-	ConnectionEvent(bt_tracker_request, {
+	if ( bt_tracker_request )
 		ConnectionEventFast(bt_tracker_request, {
 			BuildConnVal(),
 			req_val_uri,
 			req_val_headers,
@ -401,7 +402,8 @@ bool BitTorrentTracker_Analyzer::ParseResponse(char* line)
 			{
 			if ( res_status != 200 )
 				{
-				ConnectionEvent(bt_tracker_response_not_ok, {
+				if ( bt_tracker_response_not_ok )
 					ConnectionEventFast(bt_tracker_response_not_ok, {
 						BuildConnVal(),
 						val_mgr->GetCount(res_status),
 						res_val_headers,
@ -787,7 +789,8 @@ void BitTorrentTracker_Analyzer::EmitResponse(void)
 	{
 	ProtocolConfirmation();
-	ConnectionEvent(bt_tracker_response, {
+	if ( bt_tracker_response )
 		ConnectionEventFast(bt_tracker_response, {
 			BuildConnVal(),
 			val_mgr->GetCount(res_status),
 			res_val_headers,
--- a/src/analyzer/protocol/conn-size/ConnSize.cc
+++ b/src/analyzer/protocol/conn-size/ConnSize.cc
@ -47,7 +47,7 @@ void ConnSize_Analyzer::ThresholdEvent(EventHandlerPtr f, uint64 threshold, bool
 	if ( ! f )
 		return;
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		val_mgr->GetCount(threshold),
 		val_mgr->GetBool(is_orig),
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -46,7 +46,7 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 	if ( dns_message )
 		{
-		analyzer->ConnectionEvent(dns_message, {
+		analyzer->ConnectionEventFast(dns_message, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_query),
 			msg.BuildHdrVal(),
@ -132,7 +132,8 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query)
 int DNS_Interpreter::EndMessage(DNS_MsgInfo* msg)
 	{
-	analyzer->ConnectionEvent(dns_end, {
+	if ( dns_end )
 		analyzer->ConnectionEventFast(dns_end, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 		});
@ -334,7 +335,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
 			if ( dns_unknown_reply && ! msg->skip_event )
 				{
-				analyzer->ConnectionEvent(dns_unknown_reply, {
+				analyzer->ConnectionEventFast(dns_unknown_reply, {
 					analyzer->BuildConnVal(),
 					msg->BuildHdrVal(),
 					msg->BuildAnswerVal(),
@ -549,7 +550,7 @@ int DNS_Interpreter::ParseRR_Name(DNS_MsgInfo* msg,
 	if ( reply_event && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(reply_event, {
+		analyzer->ConnectionEventFast(reply_event, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -603,7 +604,7 @@ int DNS_Interpreter::ParseRR_SOA(DNS_MsgInfo* msg,
 		r->Assign(5, new IntervalVal(double(expire), Seconds));
 		r->Assign(6, new IntervalVal(double(minimum), Seconds));
-		analyzer->ConnectionEvent(dns_SOA_reply, {
+		analyzer->ConnectionEventFast(dns_SOA_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -634,7 +635,7 @@ int DNS_Interpreter::ParseRR_MX(DNS_MsgInfo* msg,
 	if ( dns_MX_reply && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(dns_MX_reply, {
+		analyzer->ConnectionEventFast(dns_MX_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -677,7 +678,7 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
 	if ( dns_SRV_reply && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(dns_SRV_reply, {
+		analyzer->ConnectionEventFast(dns_SRV_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -700,7 +701,7 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
 	if ( dns_EDNS_addl && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(dns_EDNS_addl, {
+		analyzer->ConnectionEventFast(dns_EDNS_addl, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildEDNS_Val(),
@ -766,22 +767,24 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
 	unsigned int rr_error = ExtractShort(data, len);
 	ExtractOctets(data, len, 0);  // Other Data
-	msg->tsig = new TSIG_DATA;
+	if ( dns_TSIG_addl )
-
+		{
-	msg->tsig->alg_name =
+		TSIG_DATA tsig;
 		tsig.alg_name =
 			new BroString(alg_name, alg_name_end - alg_name, 1);
-	msg->tsig->sig = request_MAC;
+		tsig.sig = request_MAC;
-	msg->tsig->time_s = sign_time_sec;
+		tsig.time_s = sign_time_sec;
-	msg->tsig->time_ms = sign_time_msec;
+		tsig.time_ms = sign_time_msec;
-	msg->tsig->fudge = fudge;
+		tsig.fudge = fudge;
-	msg->tsig->orig_id = orig_id;
+		tsig.orig_id = orig_id;
-	msg->tsig->rr_error = rr_error;
+		tsig.rr_error = rr_error;
-	analyzer->ConnectionEvent(dns_TSIG_addl, {
+		analyzer->ConnectionEventFast(dns_TSIG_addl, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
-		msg->BuildTSIG_Val(),
+			msg->BuildTSIG_Val(&tsig),
 		});
 		}
 	return 1;
 	}
@ -864,6 +867,8 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
 			break;
 	}
 	if ( dns_RRSIG )
 		{
 		RRSIG_DATA rrsig;
 		rrsig.type_covered = type_covered;
 		rrsig.algorithm = algo;
@ -875,12 +880,13 @@ int DNS_Interpreter::ParseRR_RRSIG(DNS_MsgInfo* msg,
 		rrsig.signer_name = new BroString(name, name_end - name, 1);
 		rrsig.signature = sign;
-	analyzer->ConnectionEvent(dns_RRSIG, {
+		analyzer->ConnectionEventFast(dns_RRSIG, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			msg->BuildRRSIG_Val(&rrsig),
 		});
 		}
 	return 1;
 	}
@ -961,18 +967,21 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
 			break;
 	}
 	if ( dns_DNSKEY )
 		{
 		DNSKEY_DATA dnskey;
 		dnskey.dflags = dflags;
 		dnskey.dalgorithm = dalgorithm;
 		dnskey.dprotocol = dprotocol;
 		dnskey.public_key = key;
-	analyzer->ConnectionEvent(dns_DNSKEY, {
+		analyzer->ConnectionEventFast(dns_DNSKEY, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			msg->BuildDNSKEY_Val(&dnskey),
 		});
 		}
 	return 1;
 	}
@ -1017,13 +1026,16 @@ int DNS_Interpreter::ParseRR_NSEC(DNS_MsgInfo* msg,
 		typebitmaps_len = typebitmaps_len - (2 + bmlen);
 		}
-	analyzer->ConnectionEvent(dns_NSEC, {
+	if ( dns_NSEC )
 		analyzer->ConnectionEventFast(dns_NSEC, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			new StringVal(new BroString(name, name_end - name, 1)),
 			char_strings,
 		});
 	else
 		Unref(char_strings);
 	return 1;
 	}
@ -1091,6 +1103,8 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
 		typebitmaps_len = typebitmaps_len - (2 + bmlen);
 		}
 	if ( dns_NSEC3 )
 		{
 		NSEC3_DATA nsec3;
 		nsec3.nsec_flags = nsec_flags;
 		nsec3.nsec_hash_algo = hash_algo;
@ -1101,12 +1115,13 @@ int DNS_Interpreter::ParseRR_NSEC3(DNS_MsgInfo* msg,
 		nsec3.nsec_hash = hash_val;
 		nsec3.bitmaps = char_strings;
-	analyzer->ConnectionEvent(dns_NSEC3, {
+		analyzer->ConnectionEventFast(dns_NSEC3, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			msg->BuildNSEC3_Val(&nsec3),
 		});
 		}
 	return 1;
 	}
@ -1150,18 +1165,21 @@ int DNS_Interpreter::ParseRR_DS(DNS_MsgInfo* msg,
 			break;
 	}
 	if ( dns_DS )
 		{
 		DS_DATA ds;
 		ds.key_tag = ds_key_tag;
 		ds.algorithm = ds_algo;
 		ds.digest_type = ds_dtype;
 		ds.digest_val = ds_digest;
-	analyzer->ConnectionEvent(dns_DS, {
+		analyzer->ConnectionEventFast(dns_DS, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			msg->BuildDS_Val(&ds),
 		});
 		}
 	return 1;
 	}
@ -1179,7 +1197,7 @@ int DNS_Interpreter::ParseRR_A(DNS_MsgInfo* msg,
 	if ( dns_A_reply && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(dns_A_reply, {
+		analyzer->ConnectionEventFast(dns_A_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -1216,7 +1234,7 @@ int DNS_Interpreter::ParseRR_AAAA(DNS_MsgInfo* msg,
 		event = dns_A6_reply;
 	if ( event && ! msg->skip_event )
 		{
-		analyzer->ConnectionEvent(event, {
+		analyzer->ConnectionEventFast(event, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -1290,12 +1308,15 @@ int DNS_Interpreter::ParseRR_TXT(DNS_MsgInfo* msg,
 	while ( (char_string = extract_char_string(analyzer, data, len, rdlength)) )
 		char_strings->Assign(char_strings->Size(), char_string);
-	analyzer->ConnectionEvent(dns_TXT_reply, {
+	if ( dns_TXT_reply )
 		analyzer->ConnectionEventFast(dns_TXT_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
 			char_strings,
 		});
 	else
 		Unref(char_strings);
 	return rdlength == 0;
 	}
@ -1330,7 +1351,8 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
 	data += value->Len();
 	rdlength -= value->Len();
-	analyzer->ConnectionEvent(dns_CAA_reply, {
+	if ( dns_CAA_reply )
 		analyzer->ConnectionEventFast(dns_CAA_reply, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			msg->BuildAnswerVal(),
@ -1338,6 +1360,11 @@ int DNS_Interpreter::ParseRR_CAA(DNS_MsgInfo* msg,
 			new StringVal(tag),
 			new StringVal(value),
 		});
 	else
 		{
 		delete tag;
 		delete value;
 		}
 	return rdlength == 0;
 	}
@ -1351,7 +1378,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(DNS_MsgInfo* msg,
 	RR_Type qtype = RR_Type(ExtractShort(data, len));
 	int qclass = ExtractShort(data, len);
-	analyzer->ConnectionEvent(event, {
+	if ( event )
 		analyzer->ConnectionEventFast(event, {
 			analyzer->BuildConnVal(),
 			msg->BuildHdrVal(),
 			new StringVal(question_name),
@ -1391,7 +1419,6 @@ DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
 	answer_type = DNS_QUESTION;
 	skip_event = 0;
 	tsig = 0;
 	}
 DNS_MsgInfo::~DNS_MsgInfo()
@ -1470,7 +1497,7 @@ Val* DNS_MsgInfo::BuildEDNS_Val()
 	return r;
 	}
-Val* DNS_MsgInfo::BuildTSIG_Val()
+Val* DNS_MsgInfo::BuildTSIG_Val(struct TSIG_DATA* tsig)
 	{
 	RecordVal* r = new RecordVal(dns_tsig_additional);
 	double rtime = tsig->time_s + tsig->time_ms / 1000.0;
@ -1487,9 +1514,6 @@ Val* DNS_MsgInfo::BuildTSIG_Val()
 	r->Assign(7, val_mgr->GetCount(tsig->rr_error));
 	r->Assign(8, val_mgr->GetCount(is_query));
 	delete tsig;
 	tsig = 0;
 	return r;
 	}
@ -1705,7 +1729,8 @@ void DNS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 		{
 		if ( ! interp->ParseMessage(data, len, 1) && non_dns_request )
 			{
-			ConnectionEvent(non_dns_request, {
+			if ( non_dns_request )
 				ConnectionEventFast(non_dns_request, {
 					BuildConnVal(),
 					new StringVal(len, (const char*) data),
 				});
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
@ -182,7 +182,7 @@ public:
 	Val* BuildHdrVal();
 	Val* BuildAnswerVal();
 	Val* BuildEDNS_Val();
-	Val* BuildTSIG_Val();
+	Val* BuildTSIG_Val(struct TSIG_DATA*);
 	Val* BuildRRSIG_Val(struct RRSIG_DATA*);
 	Val* BuildDNSKEY_Val(struct DNSKEY_DATA*);
 	Val* BuildNSEC3_Val(struct NSEC3_DATA*);
@ -214,10 +214,6 @@ public:
 				///< identical answer, there may be problems
 	// uint32* addr;	///< cache value to pass back results
 				///< for forward lookups
 	// More values for spesific DNS types.
 	//struct EDNS_ADDITIONAL* edns;
 	struct TSIG_DATA* tsig;
 };
--- a/src/analyzer/protocol/file/File.cc
+++ b/src/analyzer/protocol/file/File.cc
@ -78,7 +78,8 @@ void File_Analyzer::Identify()
 	string match = matches.empty() ? "<unknown>"
 	                               : *(matches.begin()->second.begin());
-	ConnectionEvent(file_transferred, {
+	if ( file_transferred )
 		ConnectionEventFast(file_transferred, {
 			BuildConnVal(),
 			new StringVal(buffer_len, buffer),
 			new StringVal("<unknown>"),
--- a/src/analyzer/protocol/finger/Finger.cc
+++ b/src/analyzer/protocol/finger/Finger.cc
@ -68,7 +68,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
 		if ( finger_request )
 			{
-			ConnectionEvent(finger_request, {
+			ConnectionEventFast(finger_request, {
 				BuildConnVal(),
 				val_mgr->GetBool(long_cnt),
 				new StringVal(at - line, line),
@ -87,7 +87,7 @@ void Finger_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig
 		if ( ! finger_reply )
 			return;
-		ConnectionEvent(finger_reply, {
+		ConnectionEventFast(finger_reply, {
 			BuildConnVal(),
 			new StringVal(end_of_line - line, line),
 		});
--- a/src/analyzer/protocol/gnutella/Gnutella.cc
+++ b/src/analyzer/protocol/gnutella/Gnutella.cc
@ -59,9 +59,9 @@ void Gnutella_Analyzer::Done()
 	if ( ! sent_establish && (gnutella_establish || gnutella_not_establish) )
 		{
 		if ( Established() && gnutella_establish )
-			ConnectionEvent(gnutella_establish, {BuildConnVal()});
+			ConnectionEventFast(gnutella_establish, {BuildConnVal()});
 		else if ( ! Established () && gnutella_not_establish )
-			ConnectionEvent(gnutella_not_establish, {BuildConnVal()});
+			ConnectionEventFast(gnutella_not_establish, {BuildConnVal()});
 		}
 	if ( gnutella_partial_binary_msg )
@ -72,7 +72,7 @@ void Gnutella_Analyzer::Done()
 			{
 			if ( ! p->msg_sent && p->msg_pos )
 				{
-				ConnectionEvent(gnutella_partial_binary_msg, {
+				ConnectionEventFast(gnutella_partial_binary_msg, {
 					BuildConnVal(),
 					new StringVal(p->msg),
 					val_mgr->GetBool((i == 0)),
@ -121,7 +121,7 @@ int Gnutella_Analyzer::IsHTTP(string header)
 	if ( gnutella_http_notify )
 		{
-		ConnectionEvent(gnutella_http_notify, {BuildConnVal()});
+		ConnectionEventFast(gnutella_http_notify, {BuildConnVal()});
 		}
 	analyzer::Analyzer* a = analyzer_mgr->InstantiateAnalyzer("HTTP", Conn());
@ -181,7 +181,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
 			{
 			if ( gnutella_text_msg )
 				{
-				ConnectionEvent(gnutella_text_msg, {
+				ConnectionEventFast(gnutella_text_msg, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(ms->headers.data()),
@ -195,7 +195,7 @@ void Gnutella_Analyzer::DeliverLines(int len, const u_char* data, bool orig)
 				{
 				sent_establish = 1;
-				ConnectionEvent(gnutella_establish, {BuildConnVal()});
+				ConnectionEventFast(gnutella_establish, {BuildConnVal()});
 				}
 			}
 		}
@ -221,7 +221,7 @@ void Gnutella_Analyzer::SendEvents(GnutellaMsgState* p, bool is_orig)
 	if ( gnutella_binary_msg )
 		{
-		ConnectionEvent(gnutella_binary_msg, {
+		ConnectionEventFast(gnutella_binary_msg, {
 			BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			val_mgr->GetCount(p->msg_type),
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -646,7 +646,7 @@ void HTTP_Message::Done(const int interrupted, const char* detail)
 	if ( http_message_done )
 		{
-		GetAnalyzer()->ConnectionEvent(http_message_done, {
+		GetAnalyzer()->ConnectionEventFast(http_message_done, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			BuildMessageStat(interrupted, detail),
@ -679,7 +679,7 @@ void HTTP_Message::BeginEntity(mime::MIME_Entity* entity)
 	if ( http_begin_entity )
 		{
-		analyzer->ConnectionEvent(http_begin_entity, {
+		analyzer->ConnectionEventFast(http_begin_entity, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 		});
@ -696,7 +696,7 @@ void HTTP_Message::EndEntity(mime::MIME_Entity* entity)
 	if ( http_end_entity )
 		{
-		analyzer->ConnectionEvent(http_end_entity, {
+		analyzer->ConnectionEventFast(http_end_entity, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 		});
@ -737,7 +737,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist)
 	{
 	if ( http_all_headers )
 		{
-		analyzer->ConnectionEvent(http_all_headers, {
+		analyzer->ConnectionEventFast(http_all_headers, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			BuildHeaderTable(hlist),
@ -751,7 +751,7 @@ void HTTP_Message::SubmitAllHeaders(mime::MIME_HeaderList& hlist)
 		ty->Ref();
 		subty->Ref();
-		analyzer->ConnectionEvent(http_content_type, {
+		analyzer->ConnectionEventFast(http_content_type, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			ty,
@ -1183,7 +1183,7 @@ void HTTP_Analyzer::GenStats()
 		r->Assign(3, new Val(reply_version, TYPE_DOUBLE));
 		// DEBUG_MSG("%.6f http_stats\n", network_time);
-		ConnectionEvent(http_stats, {BuildConnVal(), r});
+		ConnectionEventFast(http_stats, {BuildConnVal(), r});
 		}
 	}
@ -1381,7 +1381,7 @@ void HTTP_Analyzer::HTTP_Event(const char* category, StringVal* detail)
 	if ( http_event )
 		{
 		// DEBUG_MSG("%.6f http_event\n", network_time);
-		ConnectionEvent(http_event, {
+		ConnectionEventFast(http_event, {
 			BuildConnVal(),
 			new StringVal(category),
 			detail,
@ -1424,7 +1424,7 @@ void HTTP_Analyzer::HTTP_Request()
 		Ref(request_method);
 		// DEBUG_MSG("%.6f http_request\n", network_time);
-		ConnectionEvent(http_request, {
+		ConnectionEventFast(http_request, {
 			BuildConnVal(),
 			request_method,
 			TruncateURI(request_URI->AsStringVal()),
@ -1438,7 +1438,7 @@ void HTTP_Analyzer::HTTP_Reply()
 	{
 	if ( http_reply )
 		{
-		ConnectionEvent(http_reply, {
+		ConnectionEventFast(http_reply, {
 			BuildConnVal(),
 			new StringVal(fmt("%.1f", reply_version)),
 			val_mgr->GetCount(reply_code),
@ -1517,7 +1517,7 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg)
 		if ( http_connection_upgrade )
 			{
-			ConnectionEvent(http_connection_upgrade, {
+			ConnectionEventFast(http_connection_upgrade, {
 				BuildConnVal(),
 				new StringVal(upgrade_protocol),
 			});
@ -1693,7 +1693,7 @@ void HTTP_Analyzer::HTTP_Header(int is_orig, mime::MIME_Header* h)
 		if ( DEBUG_http )
 			DEBUG_MSG("%.6f http_header\n", network_time);
-		ConnectionEvent(http_header, {
+		ConnectionEventFast(http_header, {
 			BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			mime::new_string_val(h->get_name())->ToUpper(),
@ -1827,7 +1827,7 @@ void HTTP_Analyzer::HTTP_EntityData(int is_orig, BroString* entity_data)
 	{
 	if ( http_entity_data )
 		{
-		ConnectionEvent(http_entity_data, {
+		ConnectionEventFast(http_entity_data, {
 			BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			val_mgr->GetCount(entity_data->Len()),
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@ -199,7 +199,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
    {
 	if ( icmp_sent )
 		{
-		ConnectionEvent(icmp_sent, {
+		ConnectionEventFast(icmp_sent, {
 			BuildConnVal(),
 			BuildICMPVal(icmpp, len, icmpv6, ip_hdr),
 		});
@ -209,7 +209,7 @@ void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen,
 		{
 		BroString* payload = new BroString(data, min(len, caplen), 0);
-		ConnectionEvent(icmp_sent_payload, {
+		ConnectionEventFast(icmp_sent_payload, {
 			BuildConnVal(),
 			BuildICMPVal(icmpp, len, icmpv6, ip_hdr),
 			new StringVal(payload),
@ -512,7 +512,7 @@ void ICMP_Analyzer::Echo(double t, const struct icmp* icmpp, int len,
 	BroString* payload = new BroString(data, caplen, 0);
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, ip_hdr->NextProto() != IPPROTO_ICMP, ip_hdr),
 		val_mgr->GetCount(iid),
@ -526,6 +526,10 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
 			 int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
 	{
 	EventHandlerPtr f = icmp_router_advertisement;
 	if ( ! f )
 		return;
 	uint32 reachable = 0, retrans = 0;
 	if ( caplen >= (int)sizeof(reachable) )
@ -536,7 +540,7 @@ void ICMP_Analyzer::RouterAdvert(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(reachable) + sizeof(retrans);
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, 1, ip_hdr),
 		val_mgr->GetCount(icmpp->icmp_num_addrs), // Cur Hop Limit
@ -558,6 +562,10 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
 			 int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
 	{
 	EventHandlerPtr f = icmp_neighbor_advertisement;
 	if ( ! f )
 		return;
 	IPAddr tgtaddr;
 	if ( caplen >= (int)sizeof(in6_addr) )
@ -565,7 +573,7 @@ void ICMP_Analyzer::NeighborAdvert(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(in6_addr);
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, 1, ip_hdr),
 		val_mgr->GetBool(icmpp->icmp_num_addrs & 0x80), // Router
@ -581,6 +589,10 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
 			 int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
 	{
 	EventHandlerPtr f = icmp_neighbor_solicitation;
 	if ( ! f )
 		return;
 	IPAddr tgtaddr;
 	if ( caplen >= (int)sizeof(in6_addr) )
@ -588,7 +600,7 @@ void ICMP_Analyzer::NeighborSolicit(double t, const struct icmp* icmpp, int len,
 	int opt_offset = sizeof(in6_addr);
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, 1, ip_hdr),
 		new AddrVal(tgtaddr),
@ -601,6 +613,10 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
 			 int caplen, const u_char*& data, const IP_Hdr* ip_hdr)
 	{
 	EventHandlerPtr f = icmp_redirect;
 	if ( ! f )
 		return;
 	IPAddr tgtaddr, dstaddr;
 	if ( caplen >= (int)sizeof(in6_addr) )
@ -611,7 +627,7 @@ void ICMP_Analyzer::Redirect(double t, const struct icmp* icmpp, int len,
 	int opt_offset = 2 * sizeof(in6_addr);
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, 1, ip_hdr),
 		new AddrVal(tgtaddr),
@ -626,7 +642,10 @@ void ICMP_Analyzer::RouterSolicit(double t, const struct icmp* icmpp, int len,
 	{
 	EventHandlerPtr f = icmp_router_solicitation;
-	ConnectionEvent(f, {
+	if ( ! f )
 		return;
 	ConnectionEventFast(f, {
 		BuildConnVal(),
 		BuildICMPVal(icmpp, len, 1, ip_hdr),
 		BuildNDOptionsVal(caplen, data),
@ -652,7 +671,7 @@ void ICMP_Analyzer::Context4(double t, const struct icmp* icmpp,
 	if ( f )
 		{
-		ConnectionEvent(f, {
+		ConnectionEventFast(f, {
 			BuildConnVal(),
 			BuildICMPVal(icmpp, len, 0, ip_hdr),
 			val_mgr->GetCount(icmpp->icmp_code),
@ -692,7 +711,7 @@ void ICMP_Analyzer::Context6(double t, const struct icmp* icmpp,
 	if ( f )
 		{
-		ConnectionEvent(f, {
+		ConnectionEventFast(f, {
 			BuildConnVal(),
 			BuildICMPVal(icmpp, len, 1, ip_hdr),
 			val_mgr->GetCount(icmpp->icmp_code),
--- a/src/analyzer/protocol/ident/Ident.cc
+++ b/src/analyzer/protocol/ident/Ident.cc
@ -83,7 +83,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 			Weird("ident_request_addendum", s.CheckString());
 			}
-		ConnectionEvent(ident_request, {
+		ConnectionEventFast(ident_request, {
 			BuildConnVal(),
 			val_mgr->GetPort(local_port, TRANSPORT_TCP),
 			val_mgr->GetPort(remote_port, TRANSPORT_TCP),
@ -143,7 +143,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 		if ( is_error )
 			{
-			ConnectionEvent(ident_error, {
+			if ( ident_error )
 				ConnectionEventFast(ident_error, {
 					BuildConnVal(),
 					val_mgr->GetPort(local_port, TRANSPORT_TCP),
 					val_mgr->GetPort(remote_port, TRANSPORT_TCP),
@ -176,7 +177,7 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
 			line = skip_whitespace(colon + 1, end_of_line);
-			ConnectionEvent(ident_reply, {
+			ConnectionEventFast(ident_reply, {
 				BuildConnVal(),
 				val_mgr->GetPort(local_port, TRANSPORT_TCP),
 				val_mgr->GetPort(remote_port, TRANSPORT_TCP),
--- a/src/analyzer/protocol/imap/imap-analyzer.pac
+++ b/src/analyzer/protocol/imap/imap-analyzer.pac
@ -43,6 +43,8 @@ refine connection IMAP_Conn += {
 			if ( commands == "ok" )
 				{
 				bro_analyzer()->StartTLS();
 				if ( imap_starttls )
 					BifEvent::generate_imap_starttls(bro_analyzer(), bro_analyzer()->Conn());
 				}
 			else
@ -54,6 +56,9 @@ refine connection IMAP_Conn += {
 	function proc_server_capability(capabilities: Capability[]): bool
 		%{
 		if ( ! imap_capabilities )
 			return true;
 		VectorVal* capv = new VectorVal(internal_type("string_vec")->AsVectorType());
 		for ( unsigned int i = 0; i< capabilities->size(); i++ )
 			{
--- a/src/analyzer/protocol/interconn/InterConn.cc
+++ b/src/analyzer/protocol/interconn/InterConn.cc
@ -241,7 +241,8 @@ void InterConn_Analyzer::StatTimer(double t, int is_expire)
 void InterConn_Analyzer::StatEvent()
 	{
-	Conn()->ConnectionEvent(interconn_stats, this, {
+	if ( interconn_stats )
 		Conn()->ConnectionEventFast(interconn_stats, this, {
 			Conn()->BuildConnVal(),
 			orig_endp->BuildStats(),
 			resp_endp->BuildStats(),
@ -250,7 +251,8 @@ void InterConn_Analyzer::StatEvent()
 void InterConn_Analyzer::RemoveEvent()
 	{
-	Conn()->ConnectionEvent(interconn_remove_conn, this, {Conn()->BuildConnVal()});
+	if ( interconn_remove_conn )
 		Conn()->ConnectionEventFast(interconn_remove_conn, this, {Conn()->BuildConnVal()});
 	}
 InterConnTimer::InterConnTimer(double t, InterConn_Analyzer* a)
--- a/src/analyzer/protocol/irc/IRC.cc
+++ b/src/analyzer/protocol/irc/IRC.cc
@ -233,7 +233,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				// else ###
 				}
-			ConnectionEvent(irc_network_info, {
+			ConnectionEventFast(irc_network_info, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				val_mgr->GetInt(users),
@ -281,7 +281,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				Unref(idx);
 				}
-			ConnectionEvent(irc_names_info, {
+			ConnectionEventFast(irc_names_info, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(type.c_str()),
@ -315,7 +315,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				// else ###
 				}
-			ConnectionEvent(irc_server_info, {
+			ConnectionEventFast(irc_server_info, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				val_mgr->GetInt(users),
@ -337,7 +337,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				if ( parts[i] == ":channels" )
 					channels = atoi(parts[i - 1].c_str());
-			ConnectionEvent(irc_channel_info, {
+			ConnectionEventFast(irc_channel_info, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				val_mgr->GetInt(channels),
@ -369,7 +369,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				break;
 				}
-			ConnectionEvent(irc_global_users, {
+			ConnectionEventFast(irc_global_users, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(eop - prefix, prefix),
@ -412,7 +412,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			vl.append(new StringVal(real_name.c_str()));
-			ConnectionEvent(irc_whois_user_line, std::move(vl));
+			ConnectionEventFast(irc_whois_user_line, std::move(vl));
 			}
 			break;
@ -433,7 +433,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				return;
 				}
-			ConnectionEvent(irc_whois_operator_line, {
+			ConnectionEventFast(irc_whois_operator_line, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(parts[0].c_str()),
@ -472,7 +472,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				Unref(idx);
 				}
-			ConnectionEvent(irc_whois_channel_line, {
+			ConnectionEventFast(irc_whois_channel_line, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(nick.c_str()),
@ -503,7 +503,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				if ( *t == ':' )
 					++t;
-				ConnectionEvent(irc_channel_topic, {
+				ConnectionEventFast(irc_channel_topic, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(parts[1].c_str()),
@ -537,7 +537,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			if ( parts[7][0] == ':' )
 				parts[7] = parts[7].substr(1);
-			ConnectionEvent(irc_who_line, {
+			ConnectionEventFast(irc_who_line, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(parts[0].c_str()),
@ -560,7 +560,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		case 436:
 			if ( irc_invalid_nick )
 				{
-				ConnectionEvent(irc_invalid_nick, {
+				ConnectionEventFast(irc_invalid_nick, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 				});
@ -572,7 +572,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		case 491:  // user is not operator
 			if ( irc_oper_response )
 				{
-				ConnectionEvent(irc_oper_response, {
+				ConnectionEventFast(irc_oper_response, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					val_mgr->GetBool(code == 381),
@ -587,7 +587,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		// All other server replies.
 		default:
-			ConnectionEvent(irc_reply, {
+			if ( irc_reply )
 				ConnectionEventFast(irc_reply, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(prefix.c_str()),
@ -657,7 +658,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				}
-			ConnectionEvent(irc_dcc_message, {
+			if ( irc_dcc_message )
 				ConnectionEventFast(irc_dcc_message, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(prefix.c_str()),
@ -674,7 +676,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		else
 			{
-			ConnectionEvent(irc_privmsg_message, {
+			if ( irc_privmsg_message )
 				ConnectionEventFast(irc_privmsg_message, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(prefix.c_str()),
@ -699,7 +702,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( message[0] == ':' )
 			message = message.substr(1);
-		ConnectionEvent(irc_notice_message, {
+		ConnectionEventFast(irc_notice_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(prefix.c_str()),
@ -723,7 +726,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( message[0] == ':' )
 			message = message.substr(1);
-		ConnectionEvent(irc_squery_message, {
+		ConnectionEventFast(irc_squery_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(prefix.c_str()),
@ -763,7 +766,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		const char* name = realname.c_str();
 		vl.append(new StringVal(*name == ':' ? name + 1 : name));
-		ConnectionEvent(irc_user_message, std::move(vl));
+		ConnectionEventFast(irc_user_message, std::move(vl));
 		}
 	else if ( irc_oper_message && command == "OPER" )
@ -772,7 +775,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		vector<string> parts = SplitWords(params, ' ');
 		if ( parts.size() == 2 )
 			{
-			ConnectionEvent(irc_oper_message, {
+			ConnectionEventFast(irc_oper_message, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(parts[0].c_str()),
@ -814,7 +817,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		else
 			vl.append(val_mgr->GetEmptyString());
-		ConnectionEvent(irc_kick_message, std::move(vl));
+		ConnectionEventFast(irc_kick_message, std::move(vl));
 		}
 	else if ( irc_join_message && command == "JOIN" )
@ -862,7 +865,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			Unref(info);
 			}
-		ConnectionEvent(irc_join_message, {
+		ConnectionEventFast(irc_join_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			list,
@ -923,7 +926,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			Unref(info);
 			}
-		ConnectionEvent(irc_join_message, {
+		ConnectionEventFast(irc_join_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			list,
@ -963,7 +966,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			Unref(idx);
 			}
-		ConnectionEvent(irc_part_message, {
+		ConnectionEventFast(irc_part_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(nick.c_str()),
@ -986,7 +989,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				nickname = prefix.substr(0, pos);
 			}
-		ConnectionEvent(irc_quit_message, {
+		ConnectionEventFast(irc_quit_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(nickname.c_str()),
@ -1000,7 +1003,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( nick[0] == ':' )
 			nick = nick.substr(1);
-		ConnectionEvent(irc_nick_message, {
+		ConnectionEventFast(irc_nick_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(prefix.c_str()),
@ -1025,7 +1028,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( parts.size() > 0 && parts[0].size() > 0 && parts[0][0] == ':' )
 			parts[0] = parts[0].substr(1);
-		ConnectionEvent(irc_who_message, {
+		ConnectionEventFast(irc_who_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			parts.size() > 0 ?
@ -1055,7 +1058,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		else
 			users = parts[0];
-		ConnectionEvent(irc_whois_message, {
+		ConnectionEventFast(irc_whois_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(server.c_str()),
@ -1068,7 +1071,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		if ( params[0] == ':' )
 			params = params.substr(1);
-		ConnectionEvent(irc_error_message, {
+		ConnectionEventFast(irc_error_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(prefix.c_str()),
@ -1084,7 +1087,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 			if ( parts[1].size() > 0 && parts[1][0] == ':' )
 				parts[1] = parts[1].substr(1);
-			ConnectionEvent(irc_invite_message, {
+			ConnectionEventFast(irc_invite_message, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(prefix.c_str()),
@ -1100,7 +1103,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		if ( params.size() > 0 )
 			{
-			ConnectionEvent(irc_mode_message, {
+			ConnectionEventFast(irc_mode_message, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(prefix.c_str()),
@ -1114,7 +1117,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 	else if ( irc_password_message && command == "PASS" )
 		{
-		ConnectionEvent(irc_password_message, {
+		ConnectionEventFast(irc_password_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(params.c_str()),
@ -1136,7 +1139,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 				message = message.substr(1);
 			}
-		ConnectionEvent(irc_squit_message, {
+		ConnectionEventFast(irc_squit_message, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig),
 			new StringVal(prefix.c_str()),
@ -1150,7 +1153,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		if ( irc_request )
 			{
-			ConnectionEvent(irc_request, {
+			ConnectionEventFast(irc_request, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(prefix.c_str()),
@ -1164,7 +1167,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
 		{
 		if ( irc_message )
 			{
-			ConnectionEvent(irc_message, {
+			ConnectionEventFast(irc_message, {
 				BuildConnVal(),
 				val_mgr->GetBool(orig),
 				new StringVal(prefix.c_str()),
@ -1199,7 +1202,8 @@ void IRC_Analyzer::StartTLS()
 	if ( ssl )
 		AddChildAnalyzer(ssl);
-	ConnectionEvent(irc_starttls, {BuildConnVal()});
+	if ( irc_starttls )
 		ConnectionEventFast(irc_starttls, {BuildConnVal()});
 	}
 vector<string> IRC_Analyzer::SplitWords(const string input, const char split)
--- a/src/analyzer/protocol/login/Login.cc
+++ b/src/analyzer/protocol/login/Login.cc
@ -289,7 +289,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line)
 		{
 		if ( authentication_skipped )
 			{
-			ConnectionEvent(authentication_skipped, {BuildConnVal()});
+			ConnectionEventFast(authentication_skipped, {BuildConnVal()});
 			}
 		state = LOGIN_STATE_SKIP;
@ -332,7 +332,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val)
 		else if ( login_terminal && streq(name, "TERM") )
 			{
-			ConnectionEvent(login_terminal, {
+			ConnectionEventFast(login_terminal, {
 				BuildConnVal(),
 				new StringVal(val),
 			});
@ -340,7 +340,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val)
 		else if ( login_display && streq(name, "DISPLAY") )
 			{
-			ConnectionEvent(login_display, {
+			ConnectionEventFast(login_display, {
 				BuildConnVal(),
 				new StringVal(val),
 			});
@ -348,7 +348,7 @@ void Login_Analyzer::SetEnv(bool orig, char* name, char* val)
 		else if ( login_prompt && streq(name, "TTYPROMPT") )
 			{
-			ConnectionEvent(login_prompt, {
+			ConnectionEventFast(login_prompt, {
 				BuildConnVal(),
 				new StringVal(val),
 			});
@ -425,7 +425,7 @@ void Login_Analyzer::LoginEvent(EventHandlerPtr f, const char* line,
 	Val* password = HaveTypeahead() ?
 				PopUserTextVal() : new StringVal("<none>");
-	ConnectionEvent(f, {
+	ConnectionEventFast(f, {
 		BuildConnVal(),
 		username->Ref(),
 		client_name ? client_name->Ref() : val_mgr->GetEmptyString(),
@ -444,7 +444,10 @@ const char* Login_Analyzer::GetUsername(const char* line) const
 void Login_Analyzer::LineEvent(EventHandlerPtr f, const char* line)
 	{
-	ConnectionEvent(f, {
+	if ( ! f )
 		return;
 	ConnectionEventFast(f, {
 		BuildConnVal(),
 		new StringVal(line),
 	});
@ -457,7 +460,7 @@ void Login_Analyzer::Confused(const char* msg, const char* line)
 	if ( login_confused )
 		{
-		ConnectionEvent(login_confused, {
+		ConnectionEventFast(login_confused, {
 			BuildConnVal(),
 			new StringVal(msg),
 			new StringVal(line),
@ -483,7 +486,7 @@ void Login_Analyzer::ConfusionText(const char* line)
 	{
 	if ( login_confused_text )
 		{
-		ConnectionEvent(login_confused_text, {
+		ConnectionEventFast(login_confused_text, {
 			BuildConnVal(),
 			new StringVal(line),
 		});
--- a/src/analyzer/protocol/login/NVT.cc
+++ b/src/analyzer/protocol/login/NVT.cc
@ -461,7 +461,7 @@ void NVT_Analyzer::SetTerminal(const u_char* terminal, int len)
 	{
 	if ( login_terminal )
 		{
-		ConnectionEvent(login_terminal, {
+		ConnectionEventFast(login_terminal, {
 			BuildConnVal(),
 			new StringVal(new BroString(terminal, len, 0)),
 		});
--- a/src/analyzer/protocol/login/RSH.cc
+++ b/src/analyzer/protocol/login/RSH.cc
@ -183,11 +183,11 @@ void Rsh_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 		else
 			vl.append(val_mgr->GetFalse());
-		ConnectionEvent(rsh_request, std::move(vl));
+		ConnectionEventFast(rsh_request, std::move(vl));
 		}
 	else
-		ConnectionEvent(rsh_reply, std::move(vl));
+		ConnectionEventFast(rsh_reply, std::move(vl));
 	}
 void Rsh_Analyzer::ClientUserName(const char* s)
--- a/src/analyzer/protocol/login/Rlogin.cc
+++ b/src/analyzer/protocol/login/Rlogin.cc
@ -244,7 +244,7 @@ void Rlogin_Analyzer::TerminalType(const char* s)
 	{
 	if ( login_terminal )
 		{
-		ConnectionEvent(login_terminal, {
+		ConnectionEventFast(login_terminal, {
 			BuildConnVal(),
 			new StringVal(s),
 		});
--- a/src/analyzer/protocol/mime/MIME.cc
+++ b/src/analyzer/protocol/mime/MIME.cc
@ -1358,7 +1358,7 @@ void MIME_Mail::Done()
 		hash_final(md5_hash, digest);
 		md5_hash = nullptr;
-		analyzer->ConnectionEvent(mime_content_hash, {
+		analyzer->ConnectionEventFast(mime_content_hash, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(content_hash_length),
 			new StringVal(new BroString(1, digest, 16)),
@ -1386,7 +1386,7 @@ void MIME_Mail::BeginEntity(MIME_Entity* /* entity */)
 	cur_entity_id.clear();
 	if ( mime_begin_entity )
-		analyzer->ConnectionEvent(mime_begin_entity, {analyzer->BuildConnVal()});
+		analyzer->ConnectionEventFast(mime_begin_entity, {analyzer->BuildConnVal()});
 	buffer_start = data_start = 0;
 	ASSERT(entity_content.size() == 0);
@ -1398,8 +1398,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
 		{
 		BroString* s = concatenate(entity_content);
-
+		analyzer->ConnectionEventFast(mime_entity_data, {
 		analyzer->ConnectionEvent(mime_entity_data, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(s->Len()),
 			new StringVal(s),
@ -1412,7 +1411,7 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */)
 		}
 	if ( mime_end_entity )
-		analyzer->ConnectionEvent(mime_end_entity, {analyzer->BuildConnVal()});
+		analyzer->ConnectionEventFast(mime_end_entity, {analyzer->BuildConnVal()});
 	file_mgr->EndOfFile(analyzer->GetAnalyzerTag(), analyzer->Conn());
 	cur_entity_id.clear();
@ -1422,7 +1421,7 @@ void MIME_Mail::SubmitHeader(MIME_Header* h)
 	{
 	if ( mime_one_header )
 		{
-		analyzer->ConnectionEvent(mime_one_header, {
+		analyzer->ConnectionEventFast(mime_one_header, {
 			analyzer->BuildConnVal(),
 			BuildHeaderVal(h),
 		});
@ -1433,7 +1432,7 @@ void MIME_Mail::SubmitAllHeaders(MIME_HeaderList& hlist)
 	{
 	if ( mime_all_headers )
 		{
-		analyzer->ConnectionEvent(mime_all_headers, {
+		analyzer->ConnectionEventFast(mime_all_headers, {
 			analyzer->BuildConnVal(),
 			BuildHeaderTable(hlist),
 		});
@ -1470,7 +1469,7 @@ void MIME_Mail::SubmitData(int len, const char* buf)
 		const char* data = (char*) data_buffer->Bytes() + data_start;
 		int data_len = (buf + len) - data;
-		analyzer->ConnectionEvent(mime_segment_data, {
+		analyzer->ConnectionEventFast(mime_segment_data, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(data_len),
 			new StringVal(data_len, data),
@ -1517,7 +1516,7 @@ void MIME_Mail::SubmitAllData()
 		BroString* s = concatenate(all_content);
 		delete_strings(all_content);
-		analyzer->ConnectionEvent(mime_all_data, {
+		analyzer->ConnectionEventFast(mime_all_data, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(s->Len()),
 			new StringVal(s),
@ -1546,7 +1545,7 @@ void MIME_Mail::SubmitEvent(int event_type, const char* detail)
 	if ( mime_event )
 		{
-		analyzer->ConnectionEvent(mime_event, {
+		analyzer->ConnectionEventFast(mime_event, {
 			analyzer->BuildConnVal(),
 			new StringVal(category),
 			new StringVal(detail),
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@ -63,7 +63,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame)
 		{
 		if ( frame->is_orig() )
 			{
-			analyzer->ConnectionEvent(f, {
+			analyzer->ConnectionEventFast(f, {
 				analyzer->BuildConnVal(),
 				val_mgr->GetCount(frame->frame_type()),
 				val_mgr->GetCount(frame->body_length()),
@ -72,7 +72,7 @@ void NCP_Session::DeliverFrame(const binpac::NCP::ncp_frame* frame)
 			}
 		else
 			{
-			analyzer->ConnectionEvent(f, {
+			analyzer->ConnectionEventFast(f, {
 				analyzer->BuildConnVal(),
 				val_mgr->GetCount(frame->frame_type()),
 				val_mgr->GetCount(frame->body_length()),
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@ -58,7 +58,7 @@ int NetbiosSSN_Interpreter::ParseMessage(unsigned int type, unsigned int flags,
 	{
 	if ( netbios_session_message )
 		{
-		analyzer->ConnectionEvent(netbios_session_message, {
+		analyzer->ConnectionEventFast(netbios_session_message, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_query),
 			val_mgr->GetCount(type),
@ -330,14 +330,14 @@ void NetbiosSSN_Interpreter::Event(EventHandlerPtr event, const u_char* data,
 	if ( is_orig >= 0 )
 		{
-		analyzer->ConnectionEvent(event, {
+		analyzer->ConnectionEventFast(event, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			new StringVal(new BroString(data, len, 0)),
 		});
 		}
 	else
-		analyzer->ConnectionEvent(event, {
+		analyzer->ConnectionEventFast(event, {
 			analyzer->BuildConnVal(),
 			new StringVal(new BroString(data, len, 0)),
 		});
--- a/src/analyzer/protocol/ntlm/ntlm-analyzer.pac
+++ b/src/analyzer/protocol/ntlm/ntlm-analyzer.pac
@ -94,6 +94,9 @@ refine connection NTLM_Conn += {
 	function proc_ntlm_negotiate(val: NTLM_Negotiate): bool
 		%{
 		if ( ! ntlm_negotiate )
 			return true;
 		RecordVal* result = new RecordVal(BifType::Record::NTLM::Negotiate);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
@ -115,6 +118,9 @@ refine connection NTLM_Conn += {
 	function proc_ntlm_challenge(val: NTLM_Challenge): bool
 		%{
 		if ( ! ntlm_challenge )
 			return true;
 		RecordVal* result = new RecordVal(BifType::Record::NTLM::Challenge);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
@ -136,6 +142,9 @@ refine connection NTLM_Conn += {
 	function proc_ntlm_authenticate(val: NTLM_Authenticate): bool
 		%{
 		if ( ! ntlm_authenticate )
 			return true;
 		RecordVal* result = new RecordVal(BifType::Record::NTLM::Authenticate);
 		result->Assign(0, build_negotiate_flag_record(${val.flags}));
--- a/src/analyzer/protocol/ntp/NTP.cc
+++ b/src/analyzer/protocol/ntp/NTP.cc
@ -62,6 +62,9 @@ void NTP_Analyzer::Message(const u_char* data, int len)
 	len -= sizeof *ntp_data;
 	data += sizeof *ntp_data;
 	if ( ! ntp_message )
 		return;
 	RecordVal* msg = new RecordVal(ntp_msg);
 	unsigned int code = ntp_data->status & 0x7;
@ -78,7 +81,7 @@ void NTP_Analyzer::Message(const u_char* data, int len)
 	msg->Assign(9, new Val(LongFloat(ntp_data->rec), TYPE_TIME));
 	msg->Assign(10, new Val(LongFloat(ntp_data->xmt), TYPE_TIME));
-	ConnectionEvent(ntp_message, {
+	ConnectionEventFast(ntp_message, {
 		BuildConnVal(),
 		msg,
 		new StringVal(new BroString(data, len, 0)),
--- a/src/analyzer/protocol/pop3/POP3.cc
+++ b/src/analyzer/protocol/pop3/POP3.cc
@ -833,7 +833,8 @@ void POP3_Analyzer::StartTLS()
 	if ( ssl )
 		AddChildAnalyzer(ssl);
-	ConnectionEvent(pop3_starttls, {BuildConnVal()});
+	if ( pop3_starttls )
 		ConnectionEventFast(pop3_starttls, {BuildConnVal()});
 	}
 void POP3_Analyzer::AuthSuccessfull()
@ -932,5 +933,5 @@ void POP3_Analyzer::POP3Event(EventHandlerPtr event, bool is_orig,
 	if ( arg2 )
 		vl.append(new StringVal(arg2));
-	ConnectionEvent(event, std::move(vl));
+	ConnectionEventFast(event, std::move(vl));
 	}
--- a/src/analyzer/protocol/rfb/rfb-analyzer.pac
+++ b/src/analyzer/protocol/rfb/rfb-analyzer.pac
@ -1,6 +1,7 @@
 refine flow RFB_Flow += {
 	function proc_rfb_message(msg: RFB_PDU): bool
 		%{
 		if ( rfb_event )
 			BifEvent::generate_rfb_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn());
 		return true;
 		%}
@ -9,12 +10,14 @@ refine flow RFB_Flow += {
 		%{
 		if (client)
 			{
 			if ( rfb_client_version )
 				BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
 			connection()->bro_analyzer()->ProtocolConfirmation();
 			}
 			else
 			{
 			if ( rfb_server_version )
 				BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
 			}
 		return true;
@ -22,30 +25,35 @@ refine flow RFB_Flow += {
 	function proc_rfb_share_flag(shared: bool) : bool
 		%{
 		if ( rfb_share_flag )
 			BifEvent::generate_rfb_share_flag(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), shared);
 		return true;
 		%}
 	function proc_security_types(msg: RFBSecurityTypes) : bool
 		%{
 		if ( rfb_authentication_type )
 			BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.sectype});
 		return true;
 		%}
 	function proc_security_types37(msg: RFBAuthTypeSelected) : bool
 		%{
 		if ( rfb_authentication_type )
 			BifEvent::generate_rfb_authentication_type(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.type});
 		return true;
 		%}
 	function proc_handle_server_params(msg:RFBServerInit) : bool
 		%{
 		if ( rfb_server_parameters )
 			BifEvent::generate_rfb_server_parameters(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.name}), ${msg.width}, ${msg.height});
 		return true;
 		%}
 	function proc_handle_security_result(result : uint32) : bool
 		%{
 		if ( rfb_auth_result )
 			BifEvent::generate_rfb_auth_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), result);
 		return true;
 		%}
--- a/src/analyzer/protocol/rpc/MOUNT.cc
+++ b/src/analyzer/protocol/rpc/MOUNT.cc
@ -95,7 +95,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status
 		{
 		auto vl = event_common_vl(c, rpc_status, mount_status,
 					   start_time, last_time, reply_len, 0);
-		analyzer->ConnectionEvent(mount_reply_status, std::move(vl));
+		analyzer->ConnectionEventFast(mount_reply_status, std::move(vl));
 		}
 	if ( ! rpc_success )
@ -173,7 +173,7 @@ int MOUNT_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status
 		if ( reply )
 			vl.append(reply);
-		analyzer->ConnectionEvent(event, std::move(vl));
+		analyzer->ConnectionEventFast(event, std::move(vl));
 		}
 	else
 		Unref(reply);
--- a/src/analyzer/protocol/rpc/NFS.cc
+++ b/src/analyzer/protocol/rpc/NFS.cc
@ -149,7 +149,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
 		{
 		auto vl = event_common_vl(c, rpc_status, nfs_status,
 					       start_time, last_time, reply_len, 0);
-		analyzer->ConnectionEvent(nfs_reply_status, std::move(vl));
+		analyzer->ConnectionEventFast(nfs_reply_status, std::move(vl));
 		}
 	if ( ! rpc_success )
@ -285,7 +285,7 @@ int NFS_Interp::RPC_BuildReply(RPC_CallInfo* c, BifEnum::rpc_status rpc_status,
 		if ( reply )
 			vl.append(reply);
-		analyzer->ConnectionEvent(event, std::move(vl));
+		analyzer->ConnectionEventFast(event, std::move(vl));
 		}
 	else
 		Unref(reply);
--- a/src/analyzer/protocol/rpc/Portmap.cc
+++ b/src/analyzer/protocol/rpc/Portmap.cc
@ -261,7 +261,7 @@ uint32 PortmapperInterp::CheckPort(uint32 port)
 		{
 		if ( pm_bad_port )
 			{
-			analyzer->ConnectionEvent(pm_bad_port, {
+			analyzer->ConnectionEventFast(pm_bad_port, {
 				analyzer->BuildConnVal(),
 				val_mgr->GetCount(port),
 			});
@ -300,7 +300,7 @@ void PortmapperInterp::Event(EventHandlerPtr f, Val* request, BifEnum::rpc_statu
 			vl.append(request);
 		}
-	analyzer->ConnectionEvent(f, std::move(vl));
+	analyzer->ConnectionEventFast(f, std::move(vl));
 	}
 Portmapper_Analyzer::Portmapper_Analyzer(Connection* conn)
--- a/src/analyzer/protocol/rpc/RPC.cc
+++ b/src/analyzer/protocol/rpc/RPC.cc
@ -330,7 +330,7 @@ void RPC_Interpreter::Event_RPC_Dialogue(RPC_CallInfo* c, BifEnum::rpc_status st
 	{
 	if ( rpc_dialogue )
 		{
-		analyzer->ConnectionEvent(rpc_dialogue, {
+		analyzer->ConnectionEventFast(rpc_dialogue, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(c->Program()),
 			val_mgr->GetCount(c->Version()),
@ -347,7 +347,7 @@ void RPC_Interpreter::Event_RPC_Call(RPC_CallInfo* c)
 	{
 	if ( rpc_call )
 		{
-		analyzer->ConnectionEvent(rpc_call, {
+		analyzer->ConnectionEventFast(rpc_call, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(c->XID()),
 			val_mgr->GetCount(c->Program()),
@ -362,7 +362,7 @@ void RPC_Interpreter::Event_RPC_Reply(uint32_t xid, BifEnum::rpc_status status,
 	{
 	if ( rpc_reply )
 		{
-		analyzer->ConnectionEvent(rpc_reply, {
+		analyzer->ConnectionEventFast(rpc_reply, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetCount(xid),
 			BifType::Enum::rpc_status->GetVal(status),
--- a/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac
+++ b/src/analyzer/protocol/smb/smb1-com-nt-create-andx.pac
@ -6,6 +6,8 @@ refine connection SMB_Conn += {
 		     BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) )
 			{
 			set_tree_is_pipe(${header.tid});
 			if ( smb_pipe_connect_heuristic )
 				BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(),
 				                                              bro_analyzer()->Conn());
 			}
--- a/src/analyzer/protocol/smb/smb1-protocol.pac
+++ b/src/analyzer/protocol/smb/smb1-protocol.pac
@ -66,6 +66,7 @@ refine connection SMB_Conn += {
 			}
 		else
 			{
 			if ( smb1_error )
 				BifEvent::generate_smb1_error(bro_analyzer(),
 				                              bro_analyzer()->Conn(),
 				                              BuildHeaderVal(h), is_orig);
--- a/src/analyzer/protocol/smb/smb2-com-create.pac
+++ b/src/analyzer/protocol/smb/smb2-com-create.pac
@ -7,6 +7,8 @@ refine connection SMB_Conn += {
 		     BifConst::SMB::pipe_filenames->AsTable()->Lookup(filename->CheckString()) )
 			{
 			set_tree_is_pipe(${h.tree_id});
 			if ( smb_pipe_connect_heuristic )
 				BifEvent::generate_smb_pipe_connect_heuristic(bro_analyzer(),
 				                                              bro_analyzer()->Conn());
 			}
--- a/src/analyzer/protocol/smtp/SMTP.cc
+++ b/src/analyzer/protocol/smtp/SMTP.cc
@ -220,7 +220,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 			if ( smtp_data && ! skip_data )
 				{
-				ConnectionEvent(smtp_data, {
+				ConnectionEventFast(smtp_data, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					new StringVal(data_len, line),
@ -350,7 +350,7 @@ void SMTP_Analyzer::ProcessLine(int length, const char* line, bool orig)
 						break;
 				}
-				ConnectionEvent(smtp_reply, {
+				ConnectionEventFast(smtp_reply, {
 					BuildConnVal(),
 					val_mgr->GetBool(orig),
 					val_mgr->GetCount(reply_code),
@ -410,7 +410,8 @@ void SMTP_Analyzer::StartTLS()
 	if ( ssl )
 		AddChildAnalyzer(ssl);
-	ConnectionEvent(smtp_starttls, {BuildConnVal()});
+	if ( smtp_starttls )
 		ConnectionEventFast(smtp_starttls, {BuildConnVal()});
 	}
@ -852,7 +853,9 @@ void SMTP_Analyzer::RequestEvent(int cmd_len, const char* cmd,
 				int arg_len, const char* arg)
 	{
 	ProtocolConfirmation();
-	ConnectionEvent(smtp_request, {
+
 	if ( smtp_request )
 		ConnectionEventFast(smtp_request, {
 			BuildConnVal(),
 			val_mgr->GetBool(orig_is_sender),
 			(new StringVal(cmd_len, cmd))->ToUpper(),
@ -872,7 +875,7 @@ void SMTP_Analyzer::Unexpected(const int is_sender, const char* msg,
 		if ( ! orig_is_sender )
 			is_orig = ! is_orig;
-		ConnectionEvent(smtp_unexpected, {
+		ConnectionEventFast(smtp_unexpected, {
 			BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			new StringVal(msg),
--- a/src/analyzer/protocol/socks/socks-analyzer.pac
+++ b/src/analyzer/protocol/socks/socks-analyzer.pac
@ -22,8 +22,11 @@ refine connection SOCKS_Conn += {
 	function socks4_request(request: SOCKS4_Request): bool
 		%{
 		if ( socks_request )
 			{
 			RecordVal* sa = new RecordVal(socks_address);
 			sa->Assign(0, new AddrVal(htonl(${request.addr})));
 			if ( ${request.v4a} )
 				sa->Assign(1, array_to_string(${request.name}));
@ -34,6 +37,7 @@ refine connection SOCKS_Conn += {
 			                                 sa,
 			                                 val_mgr->GetPort(${request.port}, TRANSPORT_TCP),
 			                                 array_to_string(${request.user}));
 			}
 		static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(true);
@ -42,6 +46,8 @@ refine connection SOCKS_Conn += {
 	function socks4_reply(reply: SOCKS4_Reply): bool
 		%{
 		if ( socks_reply )
 			{
 			RecordVal* sa = new RecordVal(socks_address);
 			sa->Assign(0, new AddrVal(htonl(${reply.addr})));
@ -51,6 +57,7 @@ refine connection SOCKS_Conn += {
 			                               ${reply.status},
 			                               sa,
 			                               val_mgr->GetPort(${reply.port}, TRANSPORT_TCP));
 			}
 		bro_analyzer()->ProtocolConfirmation();
 		static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(false);
@ -97,6 +104,7 @@ refine connection SOCKS_Conn += {
 				return false;
 			}
 		if ( socks_request )
 			BifEvent::generate_socks_request(bro_analyzer(),
 			                                 bro_analyzer()->Conn(),
 			                                 5,
@ -104,6 +112,8 @@ refine connection SOCKS_Conn += {
 			                                 sa,
 			                                 val_mgr->GetPort(${request.port}, TRANSPORT_TCP),
 			                                 val_mgr->GetEmptyString());
 		else
 			Unref(sa);
 		static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(true);
@ -136,12 +146,15 @@ refine connection SOCKS_Conn += {
 				return false;
 			}
 		if ( socks_reply )
 			BifEvent::generate_socks_reply(bro_analyzer(),
 			                               bro_analyzer()->Conn(),
 			                               5,
 			                               ${reply.reply},
 			                               sa,
 			                               val_mgr->GetPort(${reply.port}, TRANSPORT_TCP));
 		else
 			Unref(sa);
 		bro_analyzer()->ProtocolConfirmation();
 		static_cast<analyzer::socks::SOCKS_Analyzer*>(bro_analyzer())->EndpointDone(false);
@ -150,6 +163,9 @@ refine connection SOCKS_Conn += {
 	function socks5_auth_request_userpass(request: SOCKS5_Auth_Request_UserPass_v1): bool
 		%{
 		if ( ! socks_login_userpass_request )
 			return true;
 		StringVal* user = new StringVal(${request.username}.length(), (const char*) ${request.username}.begin());
 		StringVal* pass = new StringVal(${request.password}.length(), (const char*) ${request.password}.begin());
@ -173,6 +189,7 @@ refine connection SOCKS_Conn += {
 	function socks5_auth_reply_userpass(reply: SOCKS5_Auth_Reply_UserPass_v1): bool
 		%{
 		if ( socks_login_userpass_reply )
 			BifEvent::generate_socks_login_userpass_reply(bro_analyzer(),
 			                                              bro_analyzer()->Conn(),
 			                                              ${reply.code});
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@ -17,8 +17,8 @@ refine connection SSL_Conn += {
 	function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool
 		%{
-		BifEvent::generate_ssl_established(bro_analyzer(),
+		if ( ssl_established )
-				bro_analyzer()->Conn());
+			BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn());
 		return true;
 		%}
--- a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac
@ -31,6 +31,7 @@ refine connection SSL_Conn += {
 	function proc_alert(rec: SSLRecord, level : int, desc : int) : bool
 		%{
 		if ( ssl_alert )
 			BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(),
 							${rec.is_orig}, level, desc);
 		return true;
@ -50,8 +51,8 @@ refine connection SSL_Conn += {
 		      established_ == false )
 			{
 			established_ = true;
-			BifEvent::generate_ssl_established(bro_analyzer(),
+			if ( ssl_established )
-							bro_analyzer()->Conn());
+				BifEvent::generate_ssl_established(bro_analyzer(), bro_analyzer()->Conn());
 			}
 		if ( ssl_encrypted_data )
@ -72,6 +73,7 @@ refine connection SSL_Conn += {
 	function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool
 		%{
 		if ( ssl_heartbeat )
 			BifEvent::generate_ssl_heartbeat(bro_analyzer(),
 				bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length,
 				new StringVal(data.length(), (const char*) data.data()));
@ -93,6 +95,7 @@ refine connection SSL_Conn += {
 	function proc_ccs(rec: SSLRecord) : bool
 		%{
 		if ( ssl_change_cipher_spec )
 			BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(),
 				bro_analyzer()->Conn(), ${rec.is_orig});
--- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
@ -72,6 +72,9 @@ refine connection Handshake_Conn += {
 	function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool
 		%{
 		if ( ! ssl_extension_ec_point_formats )
 			return true;
 		VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType());
 		if ( point_format_list )
@ -88,6 +91,9 @@ refine connection Handshake_Conn += {
 	function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool
 		%{
 		if ( ! ssl_extension_elliptic_curves )
 			return true;
 		VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType());
 		if ( list )
@ -104,6 +110,9 @@ refine connection Handshake_Conn += {
 	function proc_client_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry[]) : bool
 		%{
 		if ( ! ssl_extension_key_share )
 			return true;
 		VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType());
 		if ( keyshare )
@ -113,11 +122,15 @@ refine connection Handshake_Conn += {
 			}
 		BifEvent::generate_ssl_extension_key_share(bro_analyzer(), bro_analyzer()->Conn(), ${rec.is_orig}, nglist);
 		return true;
 		%}
 	function proc_server_key_share(rec: HandshakeRecord, keyshare: KeyShareEntry) : bool
 		%{
 		if ( ! ssl_extension_key_share )
 			return true;
 		VectorVal* nglist = new VectorVal(internal_type("index_vec")->AsVectorType());
 		nglist->Assign(0u, val_mgr->GetCount(keyshare->namedgroup()));
@ -127,6 +140,9 @@ refine connection Handshake_Conn += {
 	function proc_signature_algorithm(rec: HandshakeRecord, supported_signature_algorithms: SignatureAndHashAlgorithm[]) : bool
 		%{
 		if ( ! ssl_extension_signature_algorithm )
 			return true;
 		VectorVal* slist = new VectorVal(internal_type("signature_and_hashalgorithm_vec")->AsVectorType());
 		if ( supported_signature_algorithms )
@ -147,6 +163,9 @@ refine connection Handshake_Conn += {
 	function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool
 		%{
 		if ( ! ssl_extension_application_layer_protocol_negotiation )
 			return true;
 		VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType());
 		if ( protocols )
@ -183,14 +202,20 @@ refine connection Handshake_Conn += {
 				}
 			}
 		if ( ssl_extension_server_name )
 			BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(),
 		   	   ${rec.is_orig}, servers);
 		else
 			Unref(servers);
 		return true;
 		%}
 	function proc_supported_versions(rec: HandshakeRecord, versions_list: uint16[]) : bool
 		%{
 		if ( ! ssl_extension_supported_versions )
 			return true;
 		VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType());
 		if ( versions_list )
@ -207,6 +232,9 @@ refine connection Handshake_Conn += {
 	function proc_one_supported_version(rec: HandshakeRecord, version: uint16) : bool
 		%{
 		if ( ! ssl_extension_supported_versions )
 			return true;
 		VectorVal* versions = new VectorVal(internal_type("index_vec")->AsVectorType());
 		versions->Assign(0u, val_mgr->GetCount(version));
@ -218,6 +246,9 @@ refine connection Handshake_Conn += {
 	function proc_psk_key_exchange_modes(rec: HandshakeRecord, mode_list: uint8[]) : bool
 		%{
 		if ( ! ssl_extension_psk_key_exchange_modes )
 			return true;
 		VectorVal* modes = new VectorVal(internal_type("index_vec")->AsVectorType());
 		if ( mode_list )
@ -272,10 +303,11 @@ refine connection Handshake_Conn += {
 			                 response.length(), bro_analyzer()->GetAnalyzerTag(),
 			                 bro_analyzer()->Conn(), false, file_id, "application/ocsp-response");
 			if ( ssl_stapled_ocsp )
 				BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(),
-							    bro_analyzer()->Conn(), ${rec.is_orig},
+				        bro_analyzer()->Conn(),
-							    new StringVal(response.length(),
+				        ${rec.is_orig},
-							    (const char*) response.data()));
+				        new StringVal(response.length(), (const char*) response.data()));
 			file_mgr->EndOfFile(file_id);
 			}
@ -288,11 +320,16 @@ refine connection Handshake_Conn += {
 		if ( ${kex.curve_type} != NAMED_CURVE )
 			return true;
 		if ( ssl_server_curve )
 			BifEvent::generate_ssl_server_curve(bro_analyzer(),
 				bro_analyzer()->Conn(), ${kex.params.curve});
 		if ( ssl_ecdh_server_params )
 			BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(),
 				bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data()));
 		if ( ssl_server_signature )
 			{
 			RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
 			if ( ${kex.signed_params.uses_signature_and_hashalgorithm} )
 				{
@ -308,6 +345,7 @@ refine connection Handshake_Conn += {
 			BifEvent::generate_ssl_server_signature(bro_analyzer(),
 				bro_analyzer()->Conn(), ha, new StringVal(${kex.signed_params.signature}.length(), (const char*)(${kex.signed_params.signature}).data()));
 			}
 		return true;
 		%}
@ -317,8 +355,11 @@ refine connection Handshake_Conn += {
 		if ( ${kex.curve_type} != NAMED_CURVE )
 			return true;
 		if ( ssl_server_curve )
 			BifEvent::generate_ssl_server_curve(bro_analyzer(),
 				bro_analyzer()->Conn(), ${kex.params.curve});
 		if ( ssl_ecdh_server_params )
 			BifEvent::generate_ssl_ecdh_server_params(bro_analyzer(),
 				bro_analyzer()->Conn(), ${kex.params.curve}, new StringVal(${kex.params.point}.length(), (const char*)${kex.params.point}.data()));
@ -327,24 +368,33 @@ refine connection Handshake_Conn += {
 	function proc_rsa_client_key_exchange(rec: HandshakeRecord, rsa_pms: bytestring) : bool
 		%{
 		if ( ssl_rsa_client_pms )
 			BifEvent::generate_ssl_rsa_client_pms(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(rsa_pms.length(), (const char*)rsa_pms.data()));
 		return true;
 		%}
 	function proc_dh_client_key_exchange(rec: HandshakeRecord, Yc: bytestring) : bool
 		%{
 		if ( ssl_dh_client_params )
 			BifEvent::generate_ssl_dh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(Yc.length(), (const char*)Yc.data()));
 		return true;
 		%}
 	function proc_ecdh_client_key_exchange(rec: HandshakeRecord, point: bytestring) : bool
 		%{
 		if ( ssl_ecdh_client_params )
 			BifEvent::generate_ssl_ecdh_client_params(bro_analyzer(), bro_analyzer()->Conn(), new StringVal(point.length(), (const char*)point.data()));
 		return true;
 		%}
 	function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool
 		%{
 		if ( ! ssl_extension_signed_certificate_timestamp )
 			return true;
 		RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
 		ha->Assign(0, val_mgr->GetCount(digitally_signed_algorithms->HashAlgorithm()));
 		ha->Assign(1, val_mgr->GetCount(digitally_signed_algorithms->SignatureAlgorithm()));
@ -363,6 +413,7 @@ refine connection Handshake_Conn += {
 	function proc_dhe_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring, signed_params: ServerKeyExchangeSignature) : bool
 		%{
 		if ( ssl_ecdh_server_params )
 			BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
 			  bro_analyzer()->Conn(),
 			  new StringVal(p.length(), (const char*) p.data()),
@ -370,6 +421,8 @@ refine connection Handshake_Conn += {
 			  new StringVal(Ys.length(), (const char*) Ys.data())
 			  );
 		if ( ssl_server_signature )
 			{
 			RecordVal* ha = new RecordVal(BifType::Record::SSL::SignatureAndHashAlgorithm);
 			if ( ${signed_params.uses_signature_and_hashalgorithm} )
 				{
@ -387,12 +440,14 @@ refine connection Handshake_Conn += {
 			  bro_analyzer()->Conn(), ha,
 			  new StringVal(${signed_params.signature}.length(), (const char*)(${signed_params.signature}).data())
 			  );
 			}
 		return true;
 		%}
 	function proc_dh_anon_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
 		%{
 		if ( ssl_dh_server_params )
 			BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
 			  bro_analyzer()->Conn(),
 			  new StringVal(p.length(), (const char*) p.data()),
@ -405,6 +460,7 @@ refine connection Handshake_Conn += {
 	function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool
 		%{
 		if ( ssl_handshake_message )
 			BifEvent::generate_ssl_handshake_message(bro_analyzer(),
 				bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length));
--- a/src/analyzer/protocol/stepping-stone/SteppingStone.cc
+++ b/src/analyzer/protocol/stepping-stone/SteppingStone.cc
@ -140,15 +140,18 @@ void SteppingStoneEndpoint::Event(EventHandlerPtr f, int id1, int id2)
 		return;
 	if ( id2 >= 0 )
-		endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)});
+		endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1), val_mgr->GetInt(id2)});
 	else
-		endp->TCP()->ConnectionEvent(f, {val_mgr->GetInt(id1)});
+		endp->TCP()->ConnectionEventFast(f, {val_mgr->GetInt(id1)});
 	}
 void SteppingStoneEndpoint::CreateEndpEvent(int is_orig)
 	{
-	endp->TCP()->ConnectionEvent(stp_create_endp, {
+	if ( ! stp_create_endp )
 		return;
 	endp->TCP()->ConnectionEventFast(stp_create_endp, {
 		endp->TCP()->BuildConnVal(),
 		val_mgr->GetInt(stp_id),
 		val_mgr->GetBool(is_orig),
--- a/src/analyzer/protocol/syslog/syslog-analyzer.pac
+++ b/src/analyzer/protocol/syslog/syslog-analyzer.pac
@ -11,6 +11,9 @@ flow Syslog_Flow
 	function process_syslog_message(m: Syslog_Message): bool
 		%{
 		if ( ! syslog_message )
 			return true;
 		if ( ${m.has_pri} )
 			BifEvent::generate_syslog_message(
 			    connection()->bro_analyzer(),
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@ -299,7 +299,7 @@ static void passive_fingerprint(TCP_Analyzer* tcp, bool is_orig,
 			if ( OS_val )
 				{ // found new OS version
-				tcp->ConnectionEvent(OS_version_found, {
+				tcp->ConnectionEventFast(OS_version_found, {
 					tcp->BuildConnVal(),
 					src_addr_val->Ref(),
 					OS_val,
@ -965,7 +965,7 @@ void TCP_Analyzer::GeneratePacketEvent(
 					const u_char* data, int len, int caplen,
 					int is_orig, TCP_Flags flags)
 	{
-	ConnectionEvent(tcp_packet, {
+	ConnectionEventFast(tcp_packet, {
 		BuildConnVal(),
 		val_mgr->GetBool(is_orig),
 		new StringVal(flags.AsString()),
@ -1280,7 +1280,7 @@ void TCP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		if ( connection_SYN_packet )
 			{
-			ConnectionEvent(connection_SYN_packet, {
+			ConnectionEventFast(connection_SYN_packet, {
 				BuildConnVal(),
 				SYN_vals->Ref(),
 			});
@ -1500,7 +1500,7 @@ int TCP_Analyzer::TCPOptionEvent(unsigned int opt,
 	{
 	if ( tcp_option )
 		{
-		analyzer->ConnectionEvent(tcp_option, {
+		analyzer->ConnectionEventFast(tcp_option, {
 			analyzer->BuildConnVal(),
 			val_mgr->GetBool(is_orig),
 			val_mgr->GetCount(opt),
@ -1821,7 +1821,7 @@ void TCP_Analyzer::EndpointEOF(TCP_Reassembler* endp)
 	{
 	if ( connection_EOF )
 		{
-		ConnectionEvent(connection_EOF, {
+		ConnectionEventFast(connection_EOF, {
 			BuildConnVal(),
 			val_mgr->GetBool(endp->IsOrig()),
 		});
@ -2103,7 +2103,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen,
 		if ( tcp_rexmit )
 			{
-			endp->TCP()->ConnectionEvent(tcp_rexmit, {
+			endp->TCP()->ConnectionEventFast(tcp_rexmit, {
 				endp->TCP()->BuildConnVal(),
 				val_mgr->GetBool(endp->IsOrig()),
 				val_mgr->GetCount(seq),
@ -2158,7 +2158,8 @@ void TCPStats_Analyzer::Done()
 	{
 	TCP_ApplicationAnalyzer::Done();
-	ConnectionEvent(conn_stats, {
+	if ( conn_stats )
 		ConnectionEventFast(conn_stats, {
 			BuildConnVal(),
 			orig_stats->BuildStats(),
 			resp_stats->BuildStats(),
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@ -237,7 +237,7 @@ int TCP_Endpoint::DataSent(double t, uint64 seq, int len, int caplen,
 			if ( contents_file_write_failure )
 				{
-				tcp_analyzer->ConnectionEvent(contents_file_write_failure, {
+				tcp_analyzer->ConnectionEventFast(contents_file_write_failure, {
 					Conn()->BuildConnVal(),
 					val_mgr->GetBool(IsOrig()),
 					new StringVal(buf),
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@ -136,7 +136,7 @@ void TCP_Reassembler::Gap(uint64 seq, uint64 len)
 	if ( report_gap(endp, endp->peer) )
 		{
-		dst_analyzer->ConnectionEvent(content_gap, {
+		dst_analyzer->ConnectionEventFast(content_gap, {
 			dst_analyzer->BuildConnVal(),
 			val_mgr->GetBool(IsOrig()),
 			val_mgr->GetCount(seq),
@ -335,7 +335,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f)
 	if ( contents_file_write_failure )
 		{
-		tcp_analyzer->ConnectionEvent(contents_file_write_failure, {
+		tcp_analyzer->ConnectionEventFast(contents_file_write_failure, {
 			Endpoint()->Conn()->BuildConnVal(),
 			val_mgr->GetBool(IsOrig()),
 			new StringVal("TCP reassembler content write failure"),
@ -352,7 +352,7 @@ void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f)
 	if ( contents_file_write_failure )
 		{
-		tcp_analyzer->ConnectionEvent(contents_file_write_failure, {
+		tcp_analyzer->ConnectionEventFast(contents_file_write_failure, {
 			Endpoint()->Conn()->BuildConnVal(),
 			val_mgr->GetBool(IsOrig()),
 			new StringVal("TCP reassembler gap write failure"),
@ -425,7 +425,7 @@ void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
 		BroString* b1_s = new BroString((const u_char*) b1, n, 0);
 		BroString* b2_s = new BroString((const u_char*) b2, n, 0);
-		tcp_analyzer->ConnectionEvent(rexmit_inconsistency, {
+		tcp_analyzer->ConnectionEventFast(rexmit_inconsistency, {
 			tcp_analyzer->BuildConnVal(),
 			new StringVal(b1_s),
 			new StringVal(b2_s),
@ -596,7 +596,7 @@ void TCP_Reassembler::DeliverBlock(uint64 seq, int len, const u_char* data)
 	if ( deliver_tcp_contents )
 		{
-		tcp_analyzer->ConnectionEvent(tcp_contents, {
+		tcp_analyzer->ConnectionEventFast(tcp_contents, {
 			tcp_analyzer->BuildConnVal(),
 			val_mgr->GetBool(IsOrig()),
 			val_mgr->GetCount(seq),
--- a/src/analyzer/protocol/udp/UDP.cc
+++ b/src/analyzer/protocol/udp/UDP.cc
@ -157,7 +157,7 @@ void UDP_Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 		if ( do_udp_contents )
 			{
-			ConnectionEvent(udp_contents, {
+			ConnectionEventFast(udp_contents, {
 				BuildConnVal(),
 				val_mgr->GetBool(is_orig),
 				new StringVal(len, (const char*) data),
--- a/src/analyzer/protocol/xmpp/xmpp-analyzer.pac
+++ b/src/analyzer/protocol/xmpp/xmpp-analyzer.pac
@ -32,6 +32,7 @@ refine connection XMPP_Conn += {
 		if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls )
 			{
 			bro_analyzer()->StartTLS();
 			if ( xmpp_starttls )
 				BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn());
 			}
 		else if ( !is_orig && token == "proceed" )
--- a/src/broker/Manager.cc
+++ b/src/broker/Manager.cc
@ -1016,7 +1016,7 @@ void Manager::ProcessEvent(const broker::topic& topic, broker::bro::Event ev)
 		}
 	if ( static_cast<size_t>(vl.length()) == args.size() )
-		mgr.QueueEvent(handler, std::move(vl), SOURCE_BROKER);
+		mgr.QueueEventFast(handler, std::move(vl), SOURCE_BROKER);
 	else
 		{
 		loop_over_list(vl, i)
@ -1247,6 +1247,9 @@ void Manager::ProcessStatus(broker::status stat)
 		break;
 	}
 	if ( ! event )
 		return;
 	auto ei = internal_type("Broker::EndpointInfo")->AsRecordType();
 	auto endpoint_info = new RecordVal(ei);
@ -1275,7 +1278,7 @@ void Manager::ProcessStatus(broker::status stat)
 	auto str = stat.message();
 	auto msg = new StringVal(str ? *str : "");
-	mgr.QueueEvent(event, {endpoint_info, msg});
+	mgr.QueueEventFast(event, {endpoint_info, msg});
 	}
 void Manager::ProcessError(broker::error err)
@ -1352,7 +1355,7 @@ void Manager::ProcessError(broker::error err)
 		msg = fmt("[%s] %s", caf::to_string(err.category()).c_str(), caf::to_string(err.context()).c_str());
 		}
-	mgr.QueueEvent(Broker::error, {
+	mgr.QueueEventFast(Broker::error, {
 		BifType::Enum::Broker::ErrorCode->GetVal(ec),
 		new StringVal(msg),
 	});
--- a/src/file_analysis/File.cc
+++ b/src/file_analysis/File.cc
@ -637,7 +637,7 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl)
 void File::FileEvent(EventHandlerPtr h, val_list vl)
 	{
-	mgr.QueueEvent(h, std::move(vl));
+	mgr.QueueEventFast(h, std::move(vl));
 	if ( h == file_new || h == file_over_new_connection ||
 	     h == file_sniff ||
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -443,7 +443,7 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig)
 	EnumVal* tagval = tag.AsEnumVal();
 	Ref(tagval);
-	mgr.QueueEvent(get_file_handle, {
+	mgr.QueueEventFast(get_file_handle, {
 		tagval,
 		c->BuildConnVal(),
 		val_mgr->GetBool(is_orig),
--- a/src/file_analysis/analyzer/data_event/DataEvent.cc
+++ b/src/file_analysis/analyzer/data_event/DataEvent.cc
@ -41,7 +41,7 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
 	{
 	if ( ! chunk_event ) return true;
-	mgr.QueueEvent(chunk_event, {
+	mgr.QueueEventFast(chunk_event, {
 		GetFile()->GetVal()->Ref(),
 		new StringVal(new BroString(data, len, 0)),
 		val_mgr->GetCount(offset),
@ -54,7 +54,7 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len)
 	{
 	if ( ! stream_event ) return true;
-	mgr.QueueEvent(stream_event, {
+	mgr.QueueEventFast(stream_event, {
 		GetFile()->GetVal()->Ref(),
 		new StringVal(new BroString(data, len, 0)),
 	});
--- a/src/file_analysis/analyzer/entropy/Entropy.cc
+++ b/src/file_analysis/analyzer/entropy/Entropy.cc
@ -53,6 +53,9 @@ void Entropy::Finalize()
 	if ( ! fed )
 		return;
 	if ( ! file_entropy )
 		return;
 	double montepi, scc, ent, mean, chisq;
 	montepi = scc = ent = mean = chisq = 0.0;
 	entropy->Get(&ent, &chisq, &mean, &montepi, &scc);
@ -64,7 +67,7 @@ void Entropy::Finalize()
 	ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
 	ent_result->Assign(4, new Val(scc,     TYPE_DOUBLE));
-	mgr.QueueEvent(file_entropy, {
+	mgr.QueueEventFast(file_entropy, {
 		GetFile()->GetVal()->Ref(),
 		ent_result,
 	});
--- a/src/file_analysis/analyzer/hash/Hash.cc
+++ b/src/file_analysis/analyzer/hash/Hash.cc
@ -48,7 +48,10 @@ void Hash::Finalize()
 	if ( ! hash->IsValid() || ! fed )
 		return;
-	mgr.QueueEvent(file_hash, {
+	if ( ! file_hash )
 		return;
 	mgr.QueueEventFast(file_hash, {
 		GetFile()->GetVal()->Ref(),
 		new StringVal(kind),
 		hash->Get(),
--- a/src/file_analysis/analyzer/unified2/unified2-analyzer.pac
+++ b/src/file_analysis/analyzer/unified2/unified2-analyzer.pac
@ -81,7 +81,7 @@ refine flow Flow += {
 			ids_event->Assign(11, to_port(${ev.dst_p}, ${ev.protocol}));
 			ids_event->Assign(17, val_mgr->GetCount(${ev.packet_action}));
-			mgr.QueueEvent(::unified2_event, {
+			mgr.QueueEventFast(::unified2_event, {
 					connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
 					ids_event,
 					},
@ -113,7 +113,7 @@ refine flow Flow += {
 			ids_event->Assign(15, val_mgr->GetCount(${ev.mpls_label}));
 			ids_event->Assign(16, val_mgr->GetCount(${ev.vlan_id}));
-			mgr.QueueEvent(::unified2_event, {
+			mgr.QueueEventFast(::unified2_event, {
 					connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
 					ids_event,
 					},
@ -135,7 +135,7 @@ refine flow Flow += {
 			packet->Assign(4, val_mgr->GetCount(${pkt.link_type}));
 			packet->Assign(5, bytestring_to_val(${pkt.packet_data}));
-			mgr.QueueEvent(::unified2_packet, {
+			mgr.QueueEventFast(::unified2_packet, {
 					connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
 					packet,
 					},
--- a/src/file_analysis/analyzer/x509/OCSP.cc
+++ b/src/file_analysis/analyzer/x509/OCSP.cc
@ -427,7 +427,8 @@ void file_analysis::OCSP::ParseRequest(OCSP_REQUEST* req)
 	// TODO: try to parse out general name ?
 #endif
-	mgr.QueueEvent(ocsp_request, {
+	if ( ocsp_request )
 		mgr.QueueEventFast(ocsp_request, {
 			GetFile()->GetVal()->Ref(),
 			val_mgr->GetCount(version),
 		});
@ -470,7 +471,8 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
 	const char *status_str = OCSP_response_status_str(OCSP_response_status(resp));
 	StringVal* status_val = new StringVal(strlen(status_str), status_str);
-	mgr.QueueEvent(ocsp_response_status, {
+	if ( ocsp_response_status )
 		mgr.QueueEventFast(ocsp_response_status, {
 			GetFile()->GetVal()->Ref(),
 			status_val->Ref(),
 		});
@ -491,12 +493,18 @@ void file_analysis::OCSP::ParseResponse(OCSP_RESPVal *resp_val)
 	// get the basic response
 	basic_resp = OCSP_response_get1_basic(resp);
 	if ( !basic_resp )
 		{
 		Unref(status_val);
 		goto clean_up;
 		}
 #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER)
 	resp_data = basic_resp->tbsResponseData;
 	if ( !resp_data )
 		{
 		Unref(status_val);
 		goto clean_up;
 		}
 #endif
 	vl.append(GetFile()->GetVal()->Ref());
--- a/src/file_analysis/analyzer/x509/X509.cc
+++ b/src/file_analysis/analyzer/x509/X509.cc
@ -220,6 +220,8 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 	BASIC_CONSTRAINTS *constr = (BASIC_CONSTRAINTS *) X509V3_EXT_d2i(ex);
 	if ( constr )
 		{
 		if ( x509_ext_basic_constraints )
 			{
 			RecordVal* pBasicConstraint = new RecordVal(BifType::Record::X509::BasicConstraints);
 			pBasicConstraint->Assign(0, val_mgr->GetBool(constr->ca ? 1 : 0));
@ -227,10 +229,12 @@ void file_analysis::X509::ParseBasicConstraints(X509_EXTENSION* ex)
 			if ( constr->pathlen )
 				pBasicConstraint->Assign(1, val_mgr->GetCount((int32_t) ASN1_INTEGER_get(constr->pathlen)));
-		mgr.QueueEvent(x509_ext_basic_constraints, {
+			mgr.QueueEventFast(x509_ext_basic_constraints, {
 				GetFile()->GetVal()->Ref(),
 				pBasicConstraint,
 			});
 			}
 		BASIC_CONSTRAINTS_free(constr);
 		}
--- a/src/file_analysis/analyzer/x509/x509-extension.pac
+++ b/src/file_analysis/analyzer/x509/x509-extension.pac
@ -35,6 +35,9 @@ refine connection MockConnection += {
 	function proc_signedcertificatetimestamp(rec: HandshakeRecord, version: uint8, logid: const_bytestring, timestamp: uint64, digitally_signed_algorithms: SignatureAndHashAlgorithm, digitally_signed_signature: const_bytestring) : bool
 		%{
 		if ( ! x509_ocsp_ext_signed_certificate_timestamp )
 			return true;
 		BifEvent::generate_x509_ocsp_ext_signed_certificate_timestamp((analyzer::Analyzer *) bro_analyzer(),
 			bro_analyzer()->GetFile()->GetVal()->Ref(),
 			version,
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@ -715,7 +715,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 	// Raise the log event.
 	if ( stream->event )
-		mgr.QueueEvent(stream->event, {columns->Ref()}, SOURCE_LOCAL);
+		mgr.QueueEventFast(stream->event, {columns->Ref()}, SOURCE_LOCAL);
 	// Send to each of our filters.
 	for ( list<Filter*>::iterator i = stream->filters.begin();
--- a/src/main.cc
+++ b/src/main.cc
@ -340,7 +340,7 @@ void terminate_bro()
 	EventHandlerPtr bro_done = internal_handler("bro_done");
 	if ( bro_done )
-		mgr.QueueEvent(bro_done, val_list{});
+		mgr.QueueEventFast(bro_done, val_list{});
 	timer_mgr->Expire();
 	mgr.Drain();
@ -1138,7 +1138,7 @@ int main(int argc, char** argv)
 	EventHandlerPtr bro_init = internal_handler("bro_init");
 	if ( bro_init )
-		mgr.QueueEvent(bro_init, val_list{});
+		mgr.QueueEventFast(bro_init, val_list{});
 	EventRegistry::string_list* dead_handlers =
 		event_registry->UnusedHandlers();
@ -1184,17 +1184,20 @@ int main(int argc, char** argv)
 	if ( override_ignore_checksums )
 		ignore_checksums = 1;
 	if ( bro_script_loaded )
 		{
 		// Queue events reporting loaded scripts.
 		for ( std::list<ScannedFile>::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ )
 			{
 			if ( i->skipped )
 				continue;
-		mgr.QueueEvent(bro_script_loaded, {
+			mgr.QueueEventFast(bro_script_loaded, {
 				new StringVal(i->name.c_str()),
 				val_mgr->GetCount(i->include_level),
 			});
 			}
 		}
 	reporter->ReportViaEvents(true);
		`@ -1 +1 @@`
			`Subproject commit 44622332fb1361383799be33e365704caacce199`				`Subproject commit 33cde13264825df906668b608017e65f4ffbc12a`