[Bro] How to convert name field in smb_files.log to "readable" string?
Azoff, Justin S
jazoff at illinois.edu
Thu Nov 30 10:47:34 PST 2017
> On Nov 30, 2017, at 12:18 PM, Seth Hall <seth at corelight.com> wrote:
> I've been thinking about how to handle this for a while. The data that
> is being written into the log is technically already UTF-8, it's just
> that non-ascii bytes are escaped.
> I think we can deal with this by making a switch for the logs to make
> them "UTF-8". It would incur a bit of overhead because each string
> would have to be scanned for valid UTF-8 characters before being written
> and then only non-valid bytes would be escaped.
Does the json log writer make this simpler for users? I think bro writes out valid json for this,
so any json parser should give you proper UTF-8 strings.
More information about the Bro