[Bro] How to convert name field in smb_files.log to "readable" string?
Seth Hall
seth at corelight.com
Thu Nov 30 09:18:20 PST 2017
I've been thinking about how to handle this for a while. The data that
is being written into the log is technically already UTF-8, it's just
that non-ascii bytes are escaped.
I think we can deal with this by making a switch for the logs to make
them "UTF-8". It would incur a bit of overhead because each string
would have to be scanned for valid UTF-8 characters before being written
and then only non-valid bytes would be escaped.
.Seth
On 30 Nov 2017, at 1:55, 김수련 wrote:
> Hi, all
>
> Is there some way that convert name field of smb_files.log to
> "readable"?
>
> I got name value like "\u00ec\u0099\u0084"
>
> It seems like unicode and I read weird string(e.g. ê¸°íš íŒ€)
> when I send
> to ELK(characterset: utf-8).
>
> I might need to convert it.
>
> Any comments would be appreciated!
>
> Thanks!
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list