diff --git a/etc/schema.json b/etc/schema.json
index 4767aff34ad4..30b308472d30 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -4350,6 +4350,21 @@
 "type": "string",
 "description": "Date of the end of the flow"
 },
+ "exception_policy": {
+ "type": "array",
+ "properties": {
+ "policy": {
+ "type": "string",
+ "description": "Which exception policy was applied"
+ },
+ "target": {
+ "type": "string",
+ "description": "What triggered the exception"
+ }
+ },
+ "description":
+ "The exception policy(ies) triggered by the flow. Not logged if none was triggered"
+ },
 "max_ttl": {
 "type": "integer",
 "description": "Maximum observed Time-To-Live (TTL) value"
diff --git a/src/output-json-flow.c b/src/output-json-flow.c
index 4f8c9a5ecf0d..22f0322cae91 100644
--- a/src/output-json-flow.c
+++ b/src/output-json-flow.c
@@ -226,7 +226,7 @@ void EveAddFlow(Flow *f, SCJsonBuilder *js)
 SCJbSetString(js, "start", timebuf1);
 }
-static void EveExceptionPolicyLog(SCJsonBuilder *js, uint16_t flag)
+void EveExceptionPolicyLog(SCJsonBuilder *js, uint16_t flag)
 {
 if (flag & EXCEPTION_TARGET_FLAG_DEFRAG_MEMCAP) {
 SCJbStartObject(js);
diff --git a/src/output-json-flow.h b/src/output-json-flow.h
index 4524370d11a7..68c62a030c23 100644
--- a/src/output-json-flow.h
+++ b/src/output-json-flow.h
@@ -27,5 +27,6 @@ void JsonFlowLogRegister(void);
 void EveAddFlow(Flow *f, SCJsonBuilder *js);
 void EveAddAppProto(Flow *f, SCJsonBuilder *js);
+void EveExceptionPolicyLog(SCJsonBuilder *js, uint16_t flag);
 #endif /* SURICATA_OUTPUT_JSON_FLOW_H */
diff --git a/src/output-json-netflow.c b/src/output-json-netflow.c
index dec777b86dcb..4ce06278c005 100644
--- a/src/output-json-netflow.c
+++ b/src/output-json-netflow.c
@@ -46,6 +46,7 @@
 #include "util-logopenfile.h"
 #include "util-time.h"
 #include "output-json.h"
+#include "output-json-flow.h"
 #include "output-json-netflow.h"
 #include "stream-tcp-private.h"
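Review bot: The new `exception_policy` entry declares `"type": "array"` but puts `policy` and `target` under a top-level `"properties"`, and in JSON Schema `properties` constrains object members, not array elements, so as written the array's contents are left unvalidated and the two field descriptions never apply. The element shape belongs under `items`: wrap the existing block as `"items": { "type": "object", "properties": { "policy": {...}, "target": {...} } }` and keep the outer `"type": "array"` and `"description"` as they are. If the rest of schema.json uses `additionalProperties: false` for object members, the `items` object presumably wants the same so an unexpected key in a logged entry is caught rather than passed; that convention is not visible in this hunk, so confirm it against neighbouring array definitions.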
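Review bot: EveExceptionPolicyLog becomes part of the module's exported interface at the `-static`/`+void` line, yet neither the definition nor the new prototype in output-json-flow.h carries a comment stating its contract, and the visible body shows the important part of it: the function starts objects with `SCJbStartObject(js)` directly on `js`, so it only works inside a container the caller has already opened and leaves closing that container to the caller. I would put a Doxygen comment on the prototype such as `/** \brief Append one {policy, target} object to the array the caller has opened on js, for each target bit set in flag; emits nothing when no handled bit is set. */`, so the netflow logger (and any future caller) does not have to read the body to learn that the `SCJbOpenArray`/`SCJbClose` pair is its responsibility. The function body continues past the end of the hunk, so whether every bit of `flag` is handled cannot be confirmed from here.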
@@ -211,6 +212,12 @@ static void NetFlowLogEveToServer(SCJsonBuilder *js, Flow *f)
 }
 }
+ if (f->applied_exception_policy != 0) {
+ SCJbOpenArray(js, "exception_policy");
+ EveExceptionPolicyLog(js, f->applied_exception_policy);
+ SCJbClose(js); /* close array */
+ }
+
 /* Close netflow. */
 SCJbClose(js).
@@ -264,6 +271,12 @@ static void NetFlowLogEveToClient(SCJsonBuilder *js, Flow *f)
 }
 }
+ if (f->applied_exception_policy != 0) {
+ SCJbOpenArray(js, "exception_policy");
+ EveExceptionPolicyLog(js, f->applied_exception_policy);
+ SCJbClose(js); /* close array */
+ }
+
 /* Close netflow. */
 SCJbClose(js);
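Review bot: The five added lines in NetFlowLogEveToServer are pasted verbatim into NetFlowLogEveToClient in the next hunk, so the open/close pairing of the `exception_policy` array now has to be kept correct in two places; a small static helper called from both keeps it in one. A second point on the same lines: the array is opened whenever `f->applied_exception_policy` is non-zero, but EveExceptionPolicyLog only writes an object for the target bits it has a branch for, so a bit without a branch would yield an empty `"exception_policy": []`, which the schema describes as "Not logged if none was triggered" — worth confirming that every bit the flow engine can set is handled, or testing the result before opening the array. Both enclosing functions begin before the hunk, so the rest of their bodies is not visible here.
```c
/* Log the exception policies applied to f as an array; no-op when none was triggered. */
static void NetFlowLogExceptionPolicy(SCJsonBuilder *js, const Flow *f)
{
    if (f->applied_exception_policy == 0) {
        return;
    }
    SCJbOpenArray(js, "exception_policy");
    EveExceptionPolicyLog(js, f->applied_exception_policy);
    SCJbClose(js); /* close array */
}

static void NetFlowLogEveToServer(SCJsonBuilder *js, Flow *f)
{
    /* … unchanged: to_server netflow fields … */
    NetFlowLogExceptionPolicy(js, f);

    /* Close netflow. */
    SCJbClose(js);
```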