[Bro] [bro] smtp log strangeness

Seth Hall seth at icir.org
Sun Apr 3 12:12:10 PDT 2016

> On Mar 25, 2016, at 12:49 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>> Why am I getting all of this extra info in these fields?
> The subject headers seem to look that strange to support other encodings
> than ASCII (see

Yep!  There is a hacky script I wrote a while to deal with this stuff too (we need to integrate it into the analyzer at some point though)

If you load that script, it adds another field to smtp.log named "decoded_subject".


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the Bro mailing list