diff --git a/dionaea/log_wardenfiler.py b/dionaea/log_wardenfiler.py
index a4048698ee3618b5d1e221eb047183533a36e5b3..49589ecc9751895d0ac19ebeaf4c4bdc02eace5e 100644
--- a/dionaea/log_wardenfiler.py
+++ b/dionaea/log_wardenfiler.py
@@ -106,10 +106,15 @@ class LogWardenfilerHandler(ihandler):
         ihandler.__init__(self, path)
         self.path = path
         self._config = config
-    
+
+    def _bytes_to_str(self, s):
+        if isinstance(s, str):
+            return s
+        return str(s, "utf-8", "backslashreplace")
+
     def _fixup_event(self, event):
         if 'database' in event and isinstance(event['database'], bytes):
-            event['database'] = str(event['database'], "utf-8", "backslashreplace")
+            event['database'] = self._bytes_to_str(event['database'])
         return event
 
     def _save_event(self, event):
@@ -410,17 +415,17 @@ class LogWardenfilerHandler(ihandler):
 
     def handle_incident_dionaea_modules_python_ftp_login(self, icd):
         con = icd.con
-        self._register_connection(con, "ftp",  cred = {"User": icd.username, "Password": icd.password})
+        self._register_connection(con, "ftp",  cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
         logger.info("new FTP login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
 
     def handle_incident_dionaea_modules_python_mssql_login(self, icd):
         con = icd.con
-        self._register_connection(con, "ms-sql-s",  cred = {"User": icd.username, "Password": icd.password})
+        self._register_connection(con, "ms-sql-s",  cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
         logger.info("new MSSQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
 
     def handle_incident_dionaea_modules_python_mysql_login(self, icd):
         con = icd.con
-        self._register_connection(con, "mysql",  cred = {"User": icd.username, "Password": icd.password})
+        self._register_connection(con, "mysql",  cred = {"User": self._bytes_to_str(icd.username), "Password": self._bytes_to_str(icd.password)})
         logger.info("new MySQL login within connection from %s:%i to %s:%i" % (con.remote.host, con.remote.port, con.local.host, con.local.port))
 
     def handle_incident_dionaea_modules_python_p0f(self, icd):