Github user ctramnitz commented on the issue:
https://github.com/apache/metron/pull/579
I'm running this myself and actively parsing PaloAlto logs with this change
for about 3 weeks. You can also see that the changes are fairly trivial and
that structure and naming follow the vendor's specifications.
I understand your concerns about the missing unit tests, but, as mentioned
before, unit testing was completely non-functional before; I didn't even
remotely touch it. You basically have the choice of not merging this, resulting
in having no unit test and a broken parser, or merging it with still no unit
test but having a working parser. As I already discussed for METRON-962, I can
provide sample logs for unit testing.