diff --git a/cowrie/wardenfiler.py b/cowrie/wardenfiler.py
index 642ef81fcad2d57f74b5ddb309ca4209d1b10b52..9adb65dc26bdd1311ab65938e763fb05958bdbea 100644
--- a/cowrie/wardenfiler.py
+++ b/cowrie/wardenfiler.py
@@ -156,9 +156,10 @@ class Output(cowrie.core.output.Output):
         if self.test_mode:
             event["Category"].append("Test")
 
-        entry["src_ip"] = entry["src_ip"].lstrip("::ffff:")
-        if entry.get("dst_ip"):
-            entry["dst_ip"] = entry["dst_ip"].lstrip("::ffff:")
+        if entry["src_ip"].startswith("::ffff:"):
+            entry["src_ip"] = entry["src_ip"][7:]
+        if entry.get("dst_ip") and entry["dst_ip"].startswith("::ffff:"):
+            entry["dst_ip"] = entry["dst_ip"][7:]
 
         # detect IPv4 or IPv6
         src_af = "IP4" if not ':' in entry["src_ip"] else "IP6"