diff --git a/rust/cbindgen.toml b/rust/cbindgen.toml
index d53fd7f235..dfcf8d03d5 100644
--- a/rust/cbindgen.toml
+++ b/rust/cbindgen.toml
@@ -71,7 +71,10 @@ documentation_style = "doxy"
 # found but otherwise don't appear to be used by the public API.
 #
 # default: []
-include = ["AppLayerGetTxIterTuple"]
+include = [
+    "AppLayerGetTxIterTuple",
+    "SIPState",
+]
 
 # A list of items to not include in the generated bindings
 # default: []
diff --git a/rust/src/sip/log.rs b/rust/src/sip/log.rs
index 1c1813366e..d7efbd8927 100644
--- a/rust/src/sip/log.rs
+++ b/rust/src/sip/log.rs
@@ -17,41 +17,38 @@
 
 // written by Giuseppe Longo <giuseppe@glongo.it>
 
-use crate::json::*;
-use crate::sip::sip::{SIPState, SIPTransaction};
+use crate::jsonbuilder::{JsonBuilder, JsonError};
+use crate::sip::sip::SIPTransaction;
 
-#[no_mangle]
-pub extern "C" fn rs_sip_log_json(_state: &mut SIPState, tx: &mut SIPTransaction) -> *mut JsonT {
-    let js = Json::object();
-
-    match tx.request {
-        Some(ref req) => {
-            js.set_string("method", &req.method);
-            js.set_string("uri", &req.path);
-            js.set_string("version", &req.version);
-        }
-        None => {}
+fn log(tx: &SIPTransaction, js: &mut JsonBuilder) -> Result<(), JsonError> {
+    js.open_object("sip")?;
+
+    if let Some(req) = &tx.request {
+        js.set_string("method", &req.method)?
+            .set_string("uri", &req.path)?
+            .set_string("version", &req.version)?;
     }
-    match tx.request_line {
-        Some(ref req_line) => {
-            js.set_string("request_line", &req_line);
-        }
-        None => {}
+
+    if let Some(req_line) = &tx.request_line {
+        js.set_string("request_line", &req_line)?;
     }
-    match tx.response {
-        Some(ref resp) => {
-            js.set_string("version", &resp.version);
-            js.set_string("code", &resp.code);
-            js.set_string("reason", &resp.reason);
-        }
-        None => {}
+
+    if let Some(resp) = &tx.response {
+        js.set_string("version", &resp.version)?
+            .set_string("code", &resp.code)?
+            .set_string("reason", &resp.reason)?;
     }
-    match tx.response_line {
-        Some(ref resp_line) => {
-            js.set_string("response_line", &resp_line);
-        }
-        None => {}
+
+    if let Some(resp_line) = &tx.response_line {
+        js.set_string("response_line", &resp_line)?;
     }
 
-    return js.unwrap();
+    js.close()?;
+
+    Ok(())
 }
+
+#[no_mangle]
+pub extern "C" fn rs_sip_log_json(tx: &mut SIPTransaction, js: &mut JsonBuilder) -> bool {
+    log(tx, js).is_ok()
+}
\ No newline at end of file
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index fed8b3c2b7..cbe6fb228e 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -531,11 +531,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
                     }
                     break;
                 case ALPROTO_SIP:
-                    hjs = JsonSIPAddMetadata(p->flow, pa->tx_id);
-                    if (hjs) {
-                        jb_set_jsont(jb, "sip", hjs);
-                        json_decref(hjs);
-                    }
+                    JsonSIPAddMetadata(jb, p->flow, pa->tx_id);
                     break;
                 case ALPROTO_RFB:
                     hjs = JsonRFBAddMetadata(p->flow, pa->tx_id);
diff --git a/src/output-json-sip.c b/src/output-json-sip.c
index bc8e066de0..3fa4d3595e 100644
--- a/src/output-json-sip.c
+++ b/src/output-json-sip.c
@@ -59,17 +59,15 @@ typedef struct LogSIPLogThread_ {
     MemBuffer          *buffer;
 } LogSIPLogThread;
 
-json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id)
+void JsonSIPAddMetadata(JsonBuilder *js, const Flow *f, uint64_t tx_id)
 {
     SIPState *state = FlowGetAppState(f);
     if (state) {
         SIPTransaction *tx = AppLayerParserGetTx(f->proto, ALPROTO_SIP, state, tx_id);
         if (tx) {
-            return rs_sip_log_json(state, tx);
+            rs_sip_log_json(tx, js);
         }
     }
-
-    return NULL;
 }
 
 static int JsonSIPLogger(ThreadVars *tv, void *thread_data,
@@ -77,29 +75,28 @@ static int JsonSIPLogger(ThreadVars *tv, void *thread_data,
 {
     SIPTransaction *siptx = tx;
     LogSIPLogThread *thread = thread_data;
-    json_t *js, *sipjs;
 
-    js = CreateJSONHeader(p, LOG_DIR_PACKET, "sip", NULL);
+    JsonBuilder *js = CreateEveHeader((Packet *)p, LOG_DIR_PACKET, "sip", NULL);
     if (unlikely(js == NULL)) {
-        return TM_ECODE_FAILED;
+        return TM_ECODE_OK;
     }
+    EveAddCommonOptions(&thread->siplog_ctx->cfg, p, f, js);
 
-    JsonAddCommonOptions(&thread->siplog_ctx->cfg, p, f, js);
-
-    sipjs = rs_sip_log_json(state, siptx);
-    if (unlikely(sipjs == NULL)) {
-      goto error;
+    if (!rs_sip_log_json(siptx, js)) {
+        goto error;
+    }
+    if (!jb_close(js)) {
+        goto error;
     }
-    json_object_set_new(js, "sip", sipjs);
 
     MemBufferReset(thread->buffer);
-    OutputJSONBuffer(js, thread->siplog_ctx->file_ctx, &thread->buffer);
+    OutputJsonBuilderBuffer(js, thread->siplog_ctx->file_ctx, &thread->buffer);
+    jb_free(js);
 
-    json_decref(js);
     return TM_ECODE_OK;
 
 error:
-    json_decref(js);
+    jb_free(js);
     return TM_ECODE_FAILED;
 }
 
diff --git a/src/output-json-sip.h b/src/output-json-sip.h
index bc8836dad6..60145dab5b 100644
--- a/src/output-json-sip.h
+++ b/src/output-json-sip.h
@@ -26,6 +26,6 @@
 
 void JsonSIPLogRegister(void);
 
-json_t *JsonSIPAddMetadata(const Flow *f, uint64_t tx_id);
+void JsonSIPAddMetadata(JsonBuilder *js, const Flow *f, uint64_t tx_id);
 
 #endif /* __OUTPUT_JSON_SIP_H__ */