diff --git a/src/alert-debuglog.c b/src/alert-debuglog.c
index df2532271f..76db5d9e56 100644
--- a/src/alert-debuglog.c
+++ b/src/alert-debuglog.c
@@ -372,7 +372,7 @@ TmEcode AlertDebugLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, P
         return AlertDebugLogIPv4(tv, p, data, pq, postpq);
     } else if (PKT_IS_IPV6(p)) {
         return AlertDebugLogIPv6(tv, p, data, pq, postpq);
-    } else {
+    } else if (p->events.cnt > 0) {
         return AlertDebugLogDecoderEvent(tv, p, data, pq, postpq);
     }
 
diff --git a/src/alert-fastlog.c b/src/alert-fastlog.c
index fb701399fc..c82f982b73 100644
--- a/src/alert-fastlog.c
+++ b/src/alert-fastlog.c
@@ -252,7 +252,7 @@ TmEcode AlertFastLog (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
         return AlertFastLogIPv4(tv, p, data, pq, postpq);
     } else if (PKT_IS_IPV6(p)) {
         return AlertFastLogIPv6(tv, p, data, pq, postpq);
-    } else {
+    } else if (p->events.cnt > 0) {
         return AlertFastLogDecoderEvent(tv, p, data, pq, postpq);
     }
 
diff --git a/src/detect.c b/src/detect.c
index 16ed751f04..280033ea2b 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1184,6 +1184,9 @@ int SignatureIsAppLayer(DetectEngineCtx *de_ctx, Signature *s) {
  *  \retval 0 sig is not ip only
  */
 int SignatureIsIPOnly(DetectEngineCtx *de_ctx, Signature *s) {
+    if (s->alproto != ALPROTO_UNKNOWN)
+        return 0;
+
     /* for tcp/udp, only consider sigs that don't have ports set, as ip-only */
     if (!(s->proto.flags & DETECT_PROTO_ANY)) {
         if (s->proto.proto[IPPROTO_TCP / 8] & (1 << (IPPROTO_TCP % 8)) ||
@@ -1267,6 +1270,9 @@ static int SignatureIsInspectingPayload(DetectEngineCtx *de_ctx, Signature *s) {
  *  \retval 1 DEOnly sig
  */
 static int SignatureIsDEOnly(DetectEngineCtx *de_ctx, Signature *s) {
+    if (s->alproto != ALPROTO_UNKNOWN)
+        return 0;
+
     if (s->pmatch != NULL)
         return 0;