diff --git a/src/logging/Manager.cc b/src/logging/Manager.cc
index ce32165177..83fe474690 100644
--- a/src/logging/Manager.cc
+++ b/src/logging/Manager.cc
@@ -875,7 +875,7 @@ bool Manager::Write(EnumVal* id, RecordVal* columns)
 if ( (val = filter->field_name_map->Lookup(fn, false)) != 0 )
 {
 delete [] filter->fields[j]->name;
- filter->fields[j]->name = val->AsStringVal()->CheckString();
+ filter->fields[j]->name = copy_string(val->AsStringVal()->CheckString());
 }
 delete fn;
 }
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map2/conn.log b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map2/conn.log
new file mode 100644
index 0000000000..1c3ca4480d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.field-name-map2/conn.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path conn
+#open 2018-09-11-00-03-40
+#fields ts uid src_ip src_port dst_ip dst_port proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
+#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
+1427304960.695733 CHhAvVGS1DHFjwGM9 192.168.1.2 49159 192.168.1.1 20000 tcp - 0.463113 120 0 S0 - - 0 SAD 5 332 0 0 -
+#close 2018-09-11-00-03-40
diff --git a/testing/btest/Traces/auth_change_session_keys.pcap b/testing/btest/Traces/auth_change_session_keys.pcap
new file mode 100644
index 0000000000..32ff0f7151
Binary files /dev/null and b/testing/btest/Traces/auth_change_session_keys.pcap differ
diff --git a/testing/btest/scripts/base/frameworks/logging/field-name-map2.bro b/testing/btest/scripts/base/frameworks/logging/field-name-map2.bro
new file mode 100644
index 0000000000..e51bcd6580
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/logging/field-name-map2.bro
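Review bot: The ownership rule that this one-line fix in the src/logging/Manager.cc hunk restores is not written down next to the assignment in Manager::Write. The `delete [] filter->fields[j]->name;` on the line above shows the name is treated as a heap array owned by the field, so storing the pointer returned by `CheckString()` (memory that belongs to the StringVal) left a later `delete []` releasing a buffer the field never allocated. I would add a comment on the new line such as `// name is owned by the field and released with delete[]; store a copy, never the StringVal's internal buffer`. It is also worth confirming that `copy_string()` allocates with `new[]` so the allocator matches the `delete []`, and checking any other assignment to a field's `name` for the same pattern. The body of Manager::Write starts and ends outside this hunk.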
@@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -b -r $TRACES/auth_change_session_keys.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+# The other tests of Log::default_field_name_map used to not catch an invalid
+# memory free for some reason, but this test did reproduce a crash
+# consistently (now fixed).
+
+@load base/protocols/conn
+
+redef Log::default_field_name_map = {
+ ["id.orig_h"] = "src_ip",
+ ["id.orig_p"] = "src_port",
+ ["id.resp_h"] = "dst_ip",
+ ["id.resp_p"] = "dst_port"
+};
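Review bot: The comment above `@load base/protocols/conn` says the earlier tests missed the invalid free "for some reason", which leaves the next reader without the condition this test actually guards. I would state the cause instead, for example `# Regression test: a name renamed via Log::default_field_name_map used to point into the string value's own buffer and was later freed as if the field owned it.` Because the only check is `btest-diff conn.log`, a regression is detected only if the bad free happens to crash the process or corrupt the output. Running this test under a memory checker, where the test setup supports one, would make that signal deterministic.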