diff --git a/CHANGES b/CHANGES index e6997afb51..38107c9364 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,30 @@ + +3.3.0-dev.534 | 2020-11-12 14:31:10 -0800 + + * Move UnknownProtocol options to init-bare.zeek (Jon Siwek, Corelight) + + Otherwise the `unknown_protocol` event cannot be used independently + from `policy/mic/unknown-protocols.zeek`. + + * Coverity 1436183: Initialize packet_analysis::Manager fields (Jon Siwek, Corelight) + + * GH-1273: Change SizeExpr to yield "any" type when operating on "any" (Jon Siwek, Corelight) + + * Add enum_names() BIF to return names of an enum type's values (Jon Siwek, Corelight) + + * Add type_aliases() BIF for introspecting type-names of types/values (Jon Siwek, Corelight) + + * Change Type::type_aliases map to store IntrusivePtr (Jon Siwek, Corelight) + + And deprecate Type::GetAliases() and Type::AddAlias() since they + took raw pointers. Now replaced with Type::Aliases() and + Type::RegisterAlias(). + + * Fix lookup_ID() BIF to return enum values (Jon Siwek, Corelight) + + Looking up an enum value from a string equal to its name previously + returned "". + 3.3.0-dev.524 | 2020-11-12 12:16:00 -0700 * Move 'using namespace' declaration after other includes (Tim Wojtulewicz, Corelight) diff --git a/VERSION b/VERSION index 5883d442bf..94b4ccf195 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.3.0-dev.524 +3.3.0-dev.534 diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 7257c2a16e..34795cc2da 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek 
@@ -5367,6 +5367,28 @@ export { option sampling_duration = 10min; } +module UnknownProtocol; +export { + ## How many reports for an analyzer/protocol pair will be allowed to + ## raise events before becoming rate-limited. + const sampling_threshold : count = 3 &redef; + + ## The rate-limiting sampling rate. One out of every of this number of + ## rate-limited pairs of a given type will be allowed to raise events + ## for further script-layer handling. Setting the sampling rate to 0 + ## will disable all output of rate-limited pairs. + const sampling_rate : count = 100000 &redef; + + ## How long an analyzer/protocol pair is allowed to keep state/counters in + ## in memory. Once the threshold has been hit, this is the amount of time + ## before the rate-limiting for a pair expires and is reset. + const sampling_duration = 1hr &redef; + + ## The number of bytes to extract from the next header and log in the + ## first bytes field. + const first_bytes_count = 10 &redef; +} + module BinPAC; export { ## Maximum capacity, in bytes, that the BinPAC flowbuffer is allowed to diff --git a/scripts/policy/misc/unknown-protocols.zeek b/scripts/policy/misc/unknown-protocols.zeek index 000fc02107..df510d9846 100644 --- a/scripts/policy/misc/unknown-protocols.zeek +++ b/scripts/policy/misc/unknown-protocols.zeek 
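Review bot: The new `UnknownProtocol` export block declares `sampling_duration` and `first_bytes_count` without an explicit type while the two neighbouring options carry `: count`; for options that now live in the always-loaded init-bare.zeek an explicit type is the clearer contract, e.g. `const sampling_duration : interval = 1hr &redef;` and `const first_bytes_count : count = 10 &redef;`. The doc comment on `sampling_duration` also repeats a word ("keep state/counters in / in memory") and should read "keep state/counters in memory". Since the comment on `first_bytes_count` says these bytes are extracted from the packet and logged, it would be worth adding one sentence noting that raising this value puts more raw packet payload into the event and any log derived from it, so operators can weigh that before redefining it. The `module UnknownProtocol;` block is fully contained in this hunk.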
@@ -26,25 +26,6 @@ export { ## header. first_bytes: string &log; }; - - ## How many reports for an analyzer/protocol pair will be allowed to - ## raise events before becoming rate-limited. - const sampling_threshold : count = 3 &redef; - - ## The rate-limiting sampling rate. One out of every of this number of - ## rate-limited pairs of a given type will be allowed to raise events - ## for further script-layer handling. Setting the sampling rate to 0 - ## will disable all output of rate-limited pairs. - const sampling_rate : count = 100000 &redef; - - ## How long an analyzer/protocol pair is allowed to keep state/counters in - ## in memory. Once the threshold has been hit, this is the amount of time - ## before the rate-limiting for a pair expires and is reset. - const sampling_duration = 1hr &redef; - - ## The number of bytes to extract from the next header and log in the - ## first bytes field. - const first_bytes_count = 10 &redef; } event unknown_protocol(analyzer_name: string, protocol: count, first_bytes: string) diff --git a/src/packet_analysis/Manager.cc b/src/packet_analysis/Manager.cc index 2e1ebf89cd..05919ab7df 100644 --- a/src/packet_analysis/Manager.cc +++ b/src/packet_analysis/Manager.cc 
@@ -44,13 +44,10 @@ void Manager::InitPostScript() detail::pkt_profile_freq, pkt_profile_file->AsFile()); - if ( unknown_protocol ) - { - unknown_sampling_rate = id::find_val("UnknownProtocol::sampling_rate")->AsCount(); - unknown_sampling_threshold = id::find_val("UnknownProtocol::sampling_threshold")->AsCount(); - unknown_sampling_duration = id::find_val("UnknownProtocol::sampling_duration")->AsInterval(); - unknown_first_bytes_count = id::find_val("UnknownProtocol::first_bytes_count")->AsCount(); - } + unknown_sampling_rate = id::find_val("UnknownProtocol::sampling_rate")->AsCount(); + unknown_sampling_threshold = id::find_val("UnknownProtocol::sampling_threshold")->AsCount(); + unknown_sampling_duration = id::find_val("UnknownProtocol::sampling_duration")->AsInterval(); + unknown_first_bytes_count = id::find_val("UnknownProtocol::first_bytes_count")->AsCount(); } void Manager::Done() diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h index c675f5919b..218583b663 100644 --- a/src/packet_analysis/Manager.h +++ b/src/packet_analysis/Manager.h @@ -143,10 +143,10 @@ private: using UnknownProtocolPair = std::pair; std::map unknown_protocols; - uint64_t unknown_sampling_threshold; - uint64_t unknown_sampling_rate; - double unknown_sampling_duration; - uint64_t unknown_first_bytes_count; + uint64_t unknown_sampling_threshold = 0; + uint64_t unknown_sampling_rate = 0; + double unknown_sampling_duration = 0; + uint64_t unknown_first_bytes_count = 0; }; } // namespace packet_analysis diff --git a/testing/btest/Baseline/core.unknown-protocol-event/out b/testing/btest/Baseline/core.unknown-protocol-event/out new file mode 100644 index 0000000000..0cdfa29213 --- /dev/null +++ b/testing/btest/Baseline/core.unknown-protocol-event/out @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +ETHERNET, 35020, 02070400222d81db1004 
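Review bot: The four `id::find_val("UnknownProtocol::...")->AsCount()`/`AsInterval()` chains now run unconditionally with no check that the lookup returned an identifier, so a missing `UnknownProtocol::*` option would be dereferenced as a null pointer instead of reported. Moving the declarations into init-bare.zeek in this same commit presumably guarantees they exist whenever the packet-analysis manager is initialized, but that invariant is only implied by the script-side change, not stated where it is relied upon. A one-line comment above the first lookup would make the dependency explicit to the next person touching either side, e.g. `// UnknownProtocol::* options are declared in init-bare.zeek, so these lookups must succeed.` `Manager::InitPostScript()` begins outside this hunk.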
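Review bot: The zero in-class initializers added to the `unknown_*` members in Manager.h are placeholders that `InitPostScript()` overwrites from the script options, but nothing in the header says so, and the script-level documentation in this commit gives `sampling_rate == 0` a real meaning ("disable all output of rate-limited pairs"), so a reader could mistake the defaults for intended behaviour before initialization. A brief comment above the group would remove that ambiguity, e.g. `// Placeholders only; populated from the UnknownProtocol::* script options in InitPostScript().` As a minor style point, the `double` member would read more naturally as `double unknown_sampling_duration = 0.0;` so the floating-point type is visible at the initializer.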
diff --git a/testing/btest/Traces/lldp.pcap b/testing/btest/Traces/lldp.pcap new file mode 100644 index 0000000000..b74c247ebb Binary files /dev/null and b/testing/btest/Traces/lldp.pcap differ diff --git a/testing/btest/core/unknown-protocol-event.zeek b/testing/btest/core/unknown-protocol-event.zeek new file mode 100644 index 0000000000..c043217da4 --- /dev/null +++ b/testing/btest/core/unknown-protocol-event.zeek @@ -0,0 +1,6 @@ +# @TEST-EXEC: zeek -b -r $TRACES/lldp.pcap %INPUT >out +# @TEST-EXEC: btest-diff out + +event unknown_protocol(analyzer_name: string, protocol: count, first_bytes: string) + { print analyzer_name, protocol, bytestring_to_hexstr(first_bytes); } +
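Review bot: The new btest has no comment saying what it guards against, and the essential detail is easy to miss: the `-b` flag means only bare scripts are loaded, so the test only passes because this commit moved the `UnknownProtocol::*` options into init-bare.zeek. A header comment would keep someone from "simplifying" the command line later, e.g. `# Ensure unknown_protocol fires in bare mode (-b), i.e. without policy/misc/unknown-protocols.zeek loaded.` placed above the first `@TEST-EXEC` line. The baseline shows a single `ETHERNET` event from the LLDP trace, so the rate-limiting path (`sampling_threshold`, `sampling_rate`) is not exercised here; if that is intentional, saying so in the same comment would be helpful.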