diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs
index 8a082499c0..2dab5fe1c2 100644
--- a/rust/src/smb/log.rs
+++ b/rust/src/smb/log.rs
@@ -227,6 +227,21 @@ fn smb_common_header(state: &SMBState, tx: &SMBTransaction) -> Json
 } else {
 js.set_string("share", &share_name);
 }
+
+ // handle services
+ if tx.vercmd.get_version() == 1 {
+ let jsd = Json::object();
+
+ if let Some(ref s) = x.req_service {
+ let serv = String::from_utf8_lossy(&s);
+ jsd.set_string("request", &serv);
+ }
+ if let Some(ref s) = x.res_service {
+ let serv = String::from_utf8_lossy(&s);
+ jsd.set_string("response", &serv);
+ }
+ js.set("service", jsd);
+ }
 },
 Some(SMBTransactionTypeData::FILE(ref x)) => {
 let file_name = String::from_utf8_lossy(&x.file_name);
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 64883785ac..52bc3238e6 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -393,6 +393,10 @@ pub struct SMBTransactionTreeConnect {
 pub is_pipe: bool,
 pub tree_id: u32,
 pub share_name: Vec,
+
+ /// SMB1 service strings
+ pub req_service: Option>,
+ pub res_service: Option>,
 }
 
 impl SMBTransactionTreeConnect {
@@ -401,6 +405,8 @@ impl SMBTransactionTreeConnect {
 is_pipe:false,
 tree_id:0,
 share_name:share_name,
+ req_service: None,
+ res_service: None,
 }
 }
 }
diff --git a/rust/src/smb/smb1.rs b/rust/src/smb/smb1.rs
index 389ade50c6..637a41454f 100644
--- a/rust/src/smb/smb1.rs
+++ b/rust/src/smb/smb1.rs
@@ -284,9 +284,9 @@ pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 {
 SMB1_COMMAND_TREE_CONNECT_ANDX => {
 SCLogDebug!("SMB1_COMMAND_TREE_CONNECT_ANDX");
 match parse_smb_connect_tree_andx_record(r.data, r) {
- IResult::Done(_, create_record) => {
+ IResult::Done(_, tr) => {
 let name_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_TREE);
- let mut name_val = create_record.path;
+ let mut name_val = tr.path;
 if name_val.len() > 1 {
 name_val = name_val[1..].to_vec();
 }
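Review bot: The `service` object is attached unconditionally inside the `get_version() == 1` branch, so an SMB1 tree connect whose response was never seen (both fields `None`) is logged with an empty `"service": {}`; wrapping the block in `if x.req_service.is_some() || x.res_service.is_some() {` would keep the record free of empty objects. The `&s` in `String::from_utf8_lossy(&s)` is a double borrow because `s` is already bound by `ref`; `String::from_utf8_lossy(s)` is the clippy-clean form, in both the `req_service` and `res_service` arms. The service bytes come straight off the wire, so if `parse_smb_connect_tree_andx_record` keeps the trailing NUL of the SMB1 service string it will end up in the log as an escaped `\u0000` — worth confirming against the parser, and stripping a trailing zero byte before `from_utf8_lossy` if so. The enclosing `smb_common_header` and the `TREECONNECT` match arm that binds `x` both start outside the hunk.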
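Review bot: The doc comment `/// SMB1 service strings` on the two new fields says neither which side each holds nor that they stay `None` for SMB2, which is what the logger relies on; suggest `/// Service name from the SMB1 TREE_CONNECT_ANDX request, raw wire bytes (None for SMB2)` on `req_service` and the matching `/// Service name from the SMB1 TREE_CONNECT_ANDX response, raw wire bytes (None for SMB2)` on `res_service`. The second hunk of this file initialises both to `None` in the constructor, so the documented default would be accurate. The type parameters of `share_name`, `req_service` and `res_service` appear stripped in this rendering (`Vec`, `Option>`), so the element types cannot be confirmed from the page.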
@@ -294,6 +294,9 @@ pub fn smb1_request_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32 {
 // store hdr as SMBHDR_TYPE_TREE, so with tree id 0
 // when the response finds this we update it
 let tx = state.new_treeconnect_tx(name_key, name_val);
+ if let Some(SMBTransactionTypeData::TREECONNECT(ref mut tdn)) = tx.type_data {
+ tdn.req_service = Some(tr.service.to_vec());
+ }
 tx.request_done = true;
 tx.vercmd.set_smb1_cmd(SMB1_COMMAND_TREE_CONNECT_ANDX);
 true
@@ -442,6 +445,7 @@ pub fn smb1_response_record<'b>(state: &mut SMBState, r: &SmbRecord<'b>) -> u32
 tdn.is_pipe = is_pipe;
 tdn.tree_id = r.tree_id as u32;
 share_name = tdn.share_name.to_vec();
+ tdn.res_service = Some(tr.service.to_vec());
 }
 tx.hdr = SMBCommonHdr::from1(r, SMBHDR_TYPE_HEADER);
 tx.set_status(r.nt_status, r.is_dos_error);
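Review bot: The request service is patched into the transaction after `new_treeconnect_tx` returns, via an `if let` on `tx.type_data` that silently does nothing when the variant is not `TREECONNECT`; since `name_val` is already handed to the constructor, passing `tr.service` in alongside it so the field is set at construction would make the invariant explicit instead of depending on the constructor always producing that variant, which this hunk cannot show. `tr.service.to_vec()` retains a copy of client-supplied bytes in the transaction, bounded only by what `parse_smb_connect_tree_andx_record` accepts — presumably the record length, but worth confirming that the parser caps the service field. The match arm and `smb1_request_record` continue outside the hunk.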
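Review bot: The new `tdn.res_service` assignment carries no comment explaining why a second copy is kept next to `req_service`, although the server's service string may legitimately differ from the one the client requested (a client may ask for a wildcard service and the server answers with the concrete type), which is presumably the reason both are logged; suggest `// service type as reported by the server; may differ from what the client requested`. The block that binds `tdn` and `tr`, and `smb1_response_record` itself, begin outside the hunk.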