diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst
index 936027ee8e..ca5e96dc62 100644
--- a/doc/userguide/output/eve/eve-json-output.rst
+++ b/doc/userguide/output/eve/eve-json-output.rst
@@ -59,6 +59,7 @@ Metadata::
 # packet: yes # enable dumping of packet (without stream segments)
 # http-body: yes # enable dumping of http body in Base64
 # http-body-printable: yes # enable dumping of http body in printable format
+ # rule: yes # enable dumping of signature definition
 metadata: yes # add L7/applayer fields, flowbit and other vars to the alert
 Alternatively to the `metadata` key it is also possible to select the application
diff --git a/doc/userguide/partials/eve-log.yaml b/doc/userguide/partials/eve-log.yaml
index 98e4e8bf8b..b50620f972 100644
--- a/doc/userguide/partials/eve-log.yaml
+++ b/doc/userguide/partials/eve-log.yaml
@@ -38,6 +38,8 @@ outputs:
 # http-body: yes # enable dumping of http body in Base64
 # http-body-printable: yes # enable dumping of http body in printable format
+ # rule: yes # enable dumping of signature definition
+
 # Include extra data in alert records like the app-layer
 # information and flow records. Default: yes.
 #metadata: yes
diff --git a/src/detect-parse.c b/src/detect-parse.c
index b7e2ac4add..c300867f31 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1110,7 +1110,10 @@ int SigParse(DetectEngineCtx *de_ctx, Signature *s, const char *sigstr, uint8_t
 SignatureParser parser;
 memset(&parser, 0x00, sizeof(parser));
- s->sig_str = sigstr;
+ s->sig_str = SCStrdup(sigstr);
+ if (unlikely(s->sig_str == NULL)) {
+ SCReturnInt(-1);
+ }
 int ret = SigParseBasics(de_ctx, s, sigstr, &parser, addrs_direction);
 if (ret < 0) {
@@ -1139,8 +1142,6 @@ int SigParse(DetectEngineCtx *de_ctx, Signature *s, const char *sigstr, uint8_t
 } while (ret == 1);
 }
- s->sig_str = NULL;
-
 DetectIPProtoRemoveAllSMs(s);
 SCReturnInt(ret);
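Review bot: The copy at `s->sig_str = SCStrdup(sigstr);` is made for every signature parsed, so the full rule text is now retained on the heap for the lifetime of every Signature whether or not the new `rule` EVE option is configured; on large rulesets that is a permanent, always-on memory increase the commit does not mention. If the unconditional copy is intended, say so at the assignment, e.g. `/* keep a private copy of the rule text for the life of the sig (eve alert 'rule' output); released in SigFree */`; otherwise consider duplicating only when an output that consumes it is enabled. The SCStrdup failure path returns -1 before any keyword state is built, which looks consistent with the other early return visible in the hunk. SigParse's body begins and ends outside this hunk.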
@@ -1322,6 +1323,9 @@ void SigFree(Signature *s)
 if (s->addr_dst_match6 != NULL) {
 SCFree(s->addr_dst_match6);
 }
+ if (s->sig_str != NULL) {
+ SCFree(s->sig_str);
+ }
 SigRefFree(s);
 SigMetadataFree(s);
diff --git a/src/detect.h b/src/detect.h
index b58be1910e..e5e1f7c268 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -461,9 +461,7 @@ typedef struct Signature_ {
 /** Metadata */
 DetectMetadata *metadata;
- /* Be careful, this pointer is only valid while parsing the sig, * to warn the user about any possible problem */
- const char *sig_str;
+ char *sig_str;
 SignatureInitData *init_data;
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 030091c752..60127ffc55 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -87,6 +87,7 @@
 #define LOG_JSON_HTTP_BODY BIT_U16(6)
 #define LOG_JSON_HTTP_BODY_BASE64 BIT_U16(7)
 #define LOG_JSON_RULE_METADATA BIT_U16(8)
+#define LOG_JSON_RULE BIT_U16(9)
 #define LOG_JSON_METADATA (LOG_JSON_APP_LAYER | LOG_JSON_FLOW)
@@ -541,6 +542,13 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 AlertJsonPacket(p, js);
 }
+ /* signature text */
+ if (json_output_ctx->flags & LOG_JSON_RULE) {
+ hjs = json_object_get(js, "alert");
+ if (json_is_object(hjs))
+ json_object_set_new(hjs, "rule", json_string(pa->s->sig_str));
+ }
+
 HttpXFFCfg *xff_cfg = json_output_ctx->xff_cfg;
 /* xff header */
@@ -814,6 +822,7 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 SetFlag(conf, "payload-printable", LOG_JSON_PAYLOAD, &flags);
 SetFlag(conf, "http-body-printable", LOG_JSON_HTTP_BODY, &flags);
 SetFlag(conf, "http-body", LOG_JSON_HTTP_BODY_BASE64, &flags);
+ SetFlag(conf, "rule", LOG_JSON_RULE, &flags);
 ConfNode *rmetadata = ConfNodeLookupChild(conf, "rule-metadata");
 if (rmetadata != NULL) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 2b52fa3592..f49a13cfeb 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
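Review bot: The new `SCFree(s->sig_str)` in SigFree makes every Signature responsible for a heap pointer that, until this commit, was a borrowed `const char *` valid only during parsing; any other code path that still assigns sig_str from a literal, a caller's buffer or a copied Signature (not visible in this hunk, but the old type permitted it) would now be freed here. Worth a grep for other writers of sig_str before merging, and a one-line comment at the free, e.g. `/* sig_str is a private copy made by SigParse */`, so the ownership is clear to the next reader. The `!= NULL` guard matches the surrounding frees, so no change there. SigFree's body starts before this hunk.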
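Review bot: The removed "Be careful" comment is not replaced, so `char *sig_str;` now carries no ownership note at all even though its semantics changed from a parse-time borrowed pointer to an owned heap copy that outlives parsing; add `/** copy of the rule text as passed to SigParse; owned by the Signature and released in SigFree */` above the field. Nothing in these hunks modifies the text after the strdup, so keeping it `const char *` and confining the cast to the free is an option if the project prefers read-only fields to stay const. The struct definition continues outside this hunk.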
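Review bot: `json_string(pa->s->sig_str)` in the new block returns NULL when the text is not valid UTF-8 (jansson rejects it) or when sig_str is NULL, and `json_object_set_new` then fails without any trace, so a rule whose content or pcre string carries raw non-UTF-8 bytes would silently lack the `rule` key while every other rule has it. If output-json.c already offers an escaping string helper (the project's SCJsonString, if present in this tree), use it here; otherwise at least check the result, `json_t *rjs = json_string(pa->s->sig_str); if (rjs != NULL) json_object_set_new(hjs, "rule", rjs);`. `hjs` is reused from a declaration outside the hunk; a dedicated local would make the block self-contained. AlertJson's body begins and ends outside this hunk.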
@@ -175,9 +175,12 @@ outputs:
 # packet: yes # enable dumping of packet (without stream segments)
 # http-body: yes # enable dumping of http body in Base64
 # http-body-printable: yes # enable dumping of http body in printable format
+
 rule-metadata: # dumping of key/value pairs defined by metadata keyword of rule
 enabled: no # set to yes to enable
+ # rule: yes # enable dumping of signature definition
+
 # Enable the logging of tagged packets for rules using the
 # "tag" keyword.
 tagged-packets: yes