diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index 03202983eb..e785337e9f 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -70,13 +70,14 @@
 #ifdef HAVE_LIBJANSSON
-#define LOG_JSON_PAYLOAD 1
-#define LOG_JSON_PACKET 2
-#define LOG_JSON_PAYLOAD_BASE64 4
-#define LOG_JSON_HTTP 8
-#define LOG_JSON_TLS 16
-#define LOG_JSON_SSH 32
-#define LOG_JSON_SMTP 64
+#define LOG_JSON_PAYLOAD 0x01
+#define LOG_JSON_PACKET 0x02
+#define LOG_JSON_PAYLOAD_BASE64 0x04
+#define LOG_JSON_HTTP 0x08
+#define LOG_JSON_TLS 0x10
+#define LOG_JSON_SSH 0x20
+#define LOG_JSON_SMTP 0x40
+#define LOG_JSON_TAGGED_PACKETS 0x80
 #define JSON_STREAM_BUFFER_SIZE 4096
@@ -382,7 +383,8 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
 json_object_clear(js);
 json_decref(js);
- if (p->flags & PKT_HAS_TAG) {
+ if ((p->flags & PKT_HAS_TAG) && (json_output_ctx->flags &
+ LOG_JSON_TAGGED_PACKETS)) {
 MemBufferReset(aft->json_buffer);
 json_t *packetjs = CreateJSONHeader((Packet *)p, 0, "packet");
 if (unlikely(packetjs != NULL)) {
@@ -595,6 +597,7 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 const char *tls = ConfNodeLookupChildValue(conf, "tls");
 const char *ssh = ConfNodeLookupChildValue(conf, "ssh");
 const char *smtp = ConfNodeLookupChildValue(conf, "smtp");
+ const char *tagged_packets = ConfNodeLookupChildValue(conf, "tagged-packets");
 if (ssh != NULL) {
 if (ConfValIsTrue(ssh)) {
@@ -642,6 +645,11 @@ static void XffSetup(AlertJsonOutputCtx *json_output_ctx, ConfNode *conf)
 json_output_ctx->flags |= LOG_JSON_PACKET;
 }
 }
+ if (tagged_packets != NULL) {
+ if (ConfValIsTrue(tagged_packets)) {
+ json_output_ctx->flags |= LOG_JSON_TAGGED_PACKETS;
+ }
+ }
 json_output_ctx->payload_buffer_size = payload_buffer_size;
 HttpXFFGetCfg(conf, xff_cfg);
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 5d87be9902..18217d8320 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
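Review bot: The new `if (tagged_packets != NULL)` block in the last hunk only sets LOG_JSON_TAGGED_PACKETS when the key is present and true, so a suricata.yaml written before this option existed silently stops logging tagged packets, which the AlertJson hunk shows were previously emitted unconditionally on `PKT_HAS_TAG`. Since the shipped template defaults the key to `yes`, treating an absent key the same way preserves the old behaviour for existing deployments: `if (tagged_packets == NULL || ConfValIsTrue(tagged_packets)) {` with a comment such as `/* absent key keeps the pre-option behaviour of always logging tagged packets */`. If opt-in is the intended default, the change should at least be called out in the upgrade notes, because losing tag-driven packet capture weakens evidence collection without any warning at startup. XffSetup's body starts and ends outside this hunk.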
@@ -164,6 +164,10 @@ outputs:
 ssh: yes # enable dumping of ssh fields
 smtp: yes # enable dumping of smtp fields
+ # Enable the logging of tagged packets for rules using the
+ # "tag" keyword.
+ tagged-packets: yes
+
 # HTTP X-Forwarded-For support by adding an extra field or overwriting
 # the source or destination IP address (depending on flow direction)
 # with the one reported in the X-Forwarded-For HTTP header. This is
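Review bot: The new comment says what the option gates but not where the output appears, which is what an operator filtering the eve log by `event_type` needs to know. Judging from the `CreateJSONHeader((Packet *)p, 0, "packet")` call in the C hunk, tagged packets appear to be written as separate `packet` events into the same log, so I would extend the comment to `# Enable the logging of tagged packets for rules using the "tag" keyword; tagged packets are logged as "packet" events in this log.` (confirm the event_type name before committing to it). The enclosing `alert` output section that this key sits under is not visible in the hunk.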