[
https://issues.apache.org/jira/browse/METRON-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16004687#comment-16004687
]
Christian Tramnitz commented on METRON-941:
-------------------------------------------
There are some other issues with the parser:
* a bunch of different attributes are assigned to the "content_type" variable,
see metron/parsers/paloalto/BasicPaloAltoFirewallParser.java L84-90
* only support old v6.0 log format
* fields have inconsistent names
> native PaloAlto parser corrupts message when having a comma in the payload
> --------------------------------------------------------------------------
>
> Key: METRON-941
> URL: https://issues.apache.org/jira/browse/METRON-941
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4
> Environment: full-dev master
> Reporter: Christian Tramnitz
> Priority: Minor
>
> When a data field contains a comma (i.e. the URL, not too uncommon), the
> split(",") kicks in and the rest of the message if off by few fields due to
> positional definition.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
