diff --git a/pkg/acquisition/modules/waf/utils.go b/pkg/acquisition/modules/waf/utils.go
index 879557477..a6a5b534f 100644
--- a/pkg/acquisition/modules/waf/utils.go
+++ b/pkg/acquisition/modules/waf/utils.go
@@ -44,7 +44,11 @@ func RuleMatchToEvent(rule corazatypes.MatchedRule, tx corazatypes.Transaction,
 //def needs fixing
 evt.Stage = "s00-raw"
 evt.Process = true
- log.Infof("SOURCE IP: %+v", rule)
+ log.WithFields(log.Fields{
+ "module": "waf",
+ "source": rule.ClientIPAddress(),
+ "id": rule.Rule().ID(),
+ }).Infof("%s", rule.Message())
 //we build a big-ass object that is going to be marshaled in line.raw and unmarshaled later.
 //why ? because it's more consistent with the other data-sources etc. and it provides users with flexibility to alter our parsers
 CorazaEvent := map[string]interface{}{
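Review bot: The `Infof("%s", rule.Message())` call makes the rule message the free-text log line. Whether that text can carry request-derived content (for example through macro expansion in a rule's `msg`) is not visible here; if it can, a client influences the unstructured part of every entry. Carrying it as a structured field with a constant message, `"rule_msg": rule.Message(),` in the `log.Fields` literal and `}).Info("waf rule matched")`, leaves escaping to the formatter's field handling and gives detections a stable string to match on. The entry is also written at Info level, so if this runs once per matched rule (inferred from the name, since RuleMatchToEvent starts and ends outside the hunk), log volume scales with hostile traffic. Debug level or rate limiting may be worth considering.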