[Bro] [bro] smtp log strangeness
Seth Hall
seth at icir.org
Sun Apr 3 12:12:10 PDT 2016
> On Mar 25, 2016, at 12:49 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
>
>> Why am I getting all of this extra info in these fields?
>
> The subject headers seem to look that strange to support other encodings
> than ASCII (see
Yep! There is a hacky script I wrote a while ago to deal with this stuff too (we need to integrate it into the analyzer at some point though).
https://github.com/sethhall/bro-junk-drawer/blob/master/smtp-decode-encoded-word-subjects.bro
If you load that script, it adds another field to smtp.log named "decoded_subject".
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
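
The encoding discussed in this thread is the RFC 2047 "encoded-word" form (`=?charset?encoding?text?=`). The following is an added example, not part of the original message and not the linked Bro script: a Python sketch for decoding such subject values when post-processing smtp.log. The function names and sample subjects are constructed for illustration.

```python
import base64
import binascii
import quopri
import re

# One RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
WORD = r"=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?="
ENCODED_WORD = re.compile(WORD)
# Whitespace that only separates two encoded-words is not part of the text.
GAP = re.compile(r"(" + WORD + r")\s+(?=" + WORD + r")")


def _escape(text):
    # Keep control/invisible characters from a decoded subject out of
    # line-based logs by writing them as visible escapes.
    return "".join(c if c.isprintable()
                   else c.encode("unicode_escape").decode("ascii")
                   for c in text)


def _decode_word(match):
    charset, encoding, payload = match.groups()
    charset = charset.split("*", 1)[0]  # drop an RFC 2231 language tag
    try:
        if encoding in "bB":
            raw = base64.b64decode(payload, validate=True)
        else:  # "Q": "_" means space, "=XX" is a hex-encoded byte
            raw = quopri.decodestring(payload.encode("ascii"), header=True)
        return _escape(raw.decode(charset))
    except (binascii.Error, LookupError, UnicodeError, ValueError):
        return match.group(0)  # leave undecodable words exactly as logged


def decode_subject(subject):
    """Decode every encoded-word in a logged Subject value."""
    return ENCODED_WORD.sub(_decode_word, GAP.sub(r"\1", subject))


# Constructed sample values, shaped like the "subject" column of smtp.log.
SAMPLES = [
    "=?UTF-8?B?SGVsbG8gV8O2cmxk?=",
    "=?ISO-8859-1?Q?Rechnung_f=FCr_M=E4rz?=",
    "Re: =?UTF-8?Q?caf=C3=A9?= =?UTF-8?Q?_menu?=",
    "=?x-nope?B?QUJD?=",   # unknown charset: kept as logged
    "=?UTF-8?B?YQpi?=",    # decodes to text containing a newline
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r} -> {decode_subject(s)!r}")
```

Keeping the raw subject alongside the decoded value is useful for detection work, since a word that fails to decode or that hides control characters is itself worth noticing.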