[Bro] SMB Language

[Izik Birka]

Can I add utf-8 encoding to bro ?
Is there other option ?

 I'm forward the log file to SIEM system , and it's not readable in that way

Thanks



-----Original Message-----
From: Azoff, Justin S [mailto:jazoff at illinois.edu] 
Sent: Tuesday, February 14, 2017 4:16 PM
To: Izik Birka <Izik.Birka at hot.net.il>
Cc: bro at bro.org
Subject: Re: [Bro] SMB Language


> On Feb 14, 2017, at 2:36 AM, Izik Birka <Izik.Birka at hot.net.il> wrote:
> 
> Hi
> Just enable SMB analyzer , works great
>  
> I have a problem with the Hebrew language , it's looks like it's not supported , I'm getting  this files name in log file :
>  
> Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv
>  
> The \\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c - is Hebrew words 
>  
> is there a way to fix it ?

That's just an escaped utf-8 string:

>>> s='Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
>>> print s
Test\hello\גיול כמותי.csv

(or in python3)

>>> s=b'Test\hello\\\xd7\x92\xd7\x99\xd7\x95\xd7\x9c \xd7\x9b\xd7\x9e\xd7\x95\xd7\xaa\xd7\x99.csv'
>>> print(s.decode('utf-8'))
Test\hello\גיול כמותי.csv



-- 
- Justin Azoff


This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain materials protected by copyright or information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or agreement.

If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication by error, notify the sender immediately and delete this message immediately.

Thank you.