smb: log create empty filename as '<share_root>' like Bro does

author Victor Julien <victor@inliniac.net>

Mon, 12 Mar 2018 06:57:06 +0000 (07:57 +0100)

committer Victor Julien <victor@inliniac.net>

Mon, 12 Mar 2018 14:34:43 +0000 (15:34 +0100)
author Victor Julien <victor@inliniac.net>
Mon, 12 Mar 2018 06:57:06 +0000 (07:57 +0100)
committer Victor Julien <victor@inliniac.net>
Mon, 12 Mar 2018 14:34:43 +0000 (15:34 +0100)
diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs

index 2dab5fe1c223ba2d65788aca88627fa203fbee86..92d390b35b952f6fbb45a99da96b186d4b7067f9 100644 (file)
--- a/rust/src/smb/log.rs
+++ b/rust/src/smb/log.rs
@@ -176,11 +176,16 @@ fn smb_common_header(state: &SMBState, tx: &SMBTransaction) -> Json
          Some(SMBTransactionTypeData::CREATE(ref x)) => {
              let mut name_raw = x.filename.to_vec();
              name_raw.retain(|&i|i != 0x00);
-            let name = String::from_utf8_lossy(&name_raw);
-            if x.directory {
-                js.set_string("directory", &name);
+            if name_raw.len() > 0 {
+                let name = String::from_utf8_lossy(&name_raw);
+                if x.directory {
+                    js.set_string("directory", &name);
+                } else {
+                    js.set_string("filename", &name);
+                }
              } else {
-                js.set_string("filename", &name);
+                // name suggestion from Bro
+                js.set_string("filename", "<share_root>");
              }
              match x.disposition {
                  1 => { js.set_string("disposition", "open"); },
author	Victor Julien <victor@inliniac.net>
	Mon, 12 Mar 2018 06:57:06 +0000 (07:57 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 12 Mar 2018 14:34:43 +0000 (15:34 +0100)