diff --git a/src/coalesce.rs b/src/coalesce.rs
index e495b16..8356198 100644
--- a/src/coalesce.rs
+++ b/src/coalesce.rs
@@ -1170,6 +1170,10 @@ mod test {
 !output.contains(r#""egid":0,"#),
 "output does not contain raw egid"
 );
+ assert!(
+ output.contains(r#"NODE":"work","#),
+ "node name is encoded correctly."
+ );
 Ok(())
 }
diff --git a/src/testdata/record-execve.txt b/src/testdata/record-execve.txt
index 666e646..dd98b8d 100644
--- a/src/testdata/record-execve.txt
+++ b/src/testdata/record-execve.txt
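Review bot: The new needle `r#"NODE":"work","#` omits the opening quote that the adjacent `r#""egid":0,"#` check includes, so it is also satisfied by any key that merely ends in `NODE`; `r#""NODE":"work","#` pins the exact key. Since the fixture's node name is plain ASCII, the assertion only shows the value comes out as a JSON string rather than a byte array; if `Bytes` is the escaping encoder its use suggests, a node name containing a quote, a control character or a non-UTF-8 byte is the input that would exercise the actual reason for the change, and it deserves its own fixture line. The enclosing test function starts before the hunk.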
@@ -1,7 +1,7 @@
-type=SYSCALL msg=audit(1615114232.375:15558): arch=c000003e syscall=59 success=yes exit=0 a0=63b29337fd18 a1=63b293387d58 a2=63b293375640 a3=fffffffffffff000 items=2 ppid=10883 pid=10884 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="whoami" exe="/usr/bin/whoami" key=(null)ARCH=x86_64 SYSCALL=execve AUID="user" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
-type=EXECVE msg=audit(1615114232.375:15558): argc=1 a0="whoami"
-type=CWD msg=audit(1615114232.375:15558): cwd="/home/user/tmp"
-type=PATH msg=audit(1615114232.375:15558): item=0 name="/usr/bin/whoami" inode=261214 dev=ca:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"
-type=PATH msg=audit(1615114232.375:15558): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=262146 dev=ca:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"
-type=PROCTITLE msg=audit(1615114232.375:15558): proctitle="whoami"
-type=EOE msg=audit(1615114232.375:15558):
+node=work type=SYSCALL msg=audit(1615114232.375:15558): arch=c000003e syscall=59 success=yes exit=0 a0=63b29337fd18 a1=63b293387d58 a2=63b293375640 a3=fffffffffffff000 items=2 ppid=10883 pid=10884 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="whoami" exe="/usr/bin/whoami" key=(null)ARCH=x86_64 SYSCALL=execve AUID="user" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+node=work type=EXECVE msg=audit(1615114232.375:15558): argc=1 a0="whoami"
+node=work type=CWD msg=audit(1615114232.375:15558): cwd="/home/user/tmp"
+node=work type=PATH msg=audit(1615114232.375:15558): item=0 name="/usr/bin/whoami" inode=261214 dev=ca:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"
+node=work type=PATH msg=audit(1615114232.375:15558): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=262146 dev=ca:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0OUID="root" OGID="root"
+node=work type=PROCTITLE msg=audit(1615114232.375:15558): proctitle="whoami"
+node=work type=EOE msg=audit(1615114232.375:15558):
diff --git a/src/types.rs b/src/types.rs
index 463eceb..6aca7c9 100644
--- a/src/types.rs
+++ b/src/types.rs
@@ -70,7 +70,7 @@ impl Serialize for Event<'_> {
 map.serialize_value(&self.id)?;
 if let Some(node) = &self.node {
 map.serialize_key("NODE")?;
- map.serialize_value(&node)?;
+ map.serialize_value(&Bytes(node))?;
 }
 for (k, v) in &self.body {
 map.serialize_entry(&k, &v)?;
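Review bot: The replaced line gives no hint why the node name needs the `Bytes` wrapper while `self.id` and the body entries around it are serialized directly, and that is exactly the kind of detail a later cleanup will undo; a short comment on the new line would preserve it, e.g. `// node= is taken verbatim from the audit record; route it through Bytes so it gets the same escaping as the other byte-valued fields`. I cannot see `Bytes` in this hunk, so adjust the wording to what it actually guarantees: if it does not escape quotes, control characters or invalid UTF-8, a node name (which auditd presumably derives from the hostname or its configuration rather than from a fixed set) could still corrupt the emitted JSON line, and that is worth confirming with a fixture rather than assuming. The `serialize` method begins and ends outside the hunk.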