diff --git a/src/log-pcap.c b/src/log-pcap.c
index 5cb4c30626..fee617073e 100644
--- a/src/log-pcap.c
+++ b/src/log-pcap.c
@@ -27,6 +27,7 @@
 #include "suricata-common.h"
 #include "util-buffer.h"
 #include "util-fmemopen.h"
+#include "util-datalink.h"
 #include "stream-tcp-util.h"
 #ifdef HAVE_LIBLZ4
@@ -1074,6 +1075,30 @@ static TmEcode PcapLogDataInit(ThreadVars *t, const void *initdata, void **data)
 td->pcap_log = pl;
 BUG_ON(td->pcap_log == NULL);
+ if (DatalinkHasMultipleValues()) {
+ if (pl->mode != LOGMODE_MULTI) {
+ FatalError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT,
+ "Pcap logging with multiple link type is not supported.");
+ } else {
+ /* In multi mode, only pcap conditional is not supported as a flow timeout
+ * will trigger packet logging with potentially invalid datalink. In regular
+ * pcap logging, the logging should be done in the same thread if we
+ * have a proper load balancing. So no mix of datalink should occur. But we need a
+ * proper load balancing so this needs at least a warning.
+ */
+ switch (pl->conditional) {
+ case LOGMODE_COND_ALERTS:
+ case LOGMODE_COND_TAG:
+ FatalError(SC_ERR_PCAP_MULTI_DEV_NO_SUPPORT,
+ "Can't have multiple link types in pcap conditional mode.");
+ break;
+ default:
+ SCLogWarning(SC_WARN_COMPATIBILITY,
+ "Using multiple link types can result in invalid pcap output");
+ }
+ }
+ }
+
 PcapLogLock(td->pcap_log);
 /** Use the Ouptut Context (file pointer and mutex) */
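Review bot: The `DatalinkHasMultipleValues()` check in PcapLogDataInit is evaluated once, at logger thread init, so its result depends on how many link types have been registered by that moment. If capture threads register their link type in their own init (not visible in this hunk), a logger thread that initialises first would see a single value and skip both the FatalError and the warning, and the pcap written later could still mix link types without anything in the log. Because these files are typically kept as forensic evidence, the ordering assumption should be stated above the check, e.g. `/* assumes every capture thread has registered its datalink before any pcap-log thread init runs */`, and it is worth considering a check in the write path that refuses a packet whose link type differs from the one the file was opened with. Smaller points: the warning presumably repeats for every logging thread, and the `default:` arm should end with `break;`. The function body starts and ends outside the hunk.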