Markdown

2014-07-29 13:31:14 -04:00
parent 84df4c668a
commit 54968a3a90
2 changed files with 24 additions and 8 deletions
--- a/TimberWinR/Parser.cs
+++ b/TimberWinR/Parser.cs
@@ -238,6 +238,7 @@ namespace TimberWinR.Parser
            FormatMsg = true;
            FullText = true;
            BinaryFormat = FormatKinds.ASC;
+            FullEventCode = false;
          
            Fields = new List<Field>();
            Fields.Add(new Field("EventLog", "string"));
--- a/WindowsEvents.md
+++ b/WindowsEvents.md
@@ -7,11 +7,26 @@ The following parameters are allowed when configuring WindowsEvents.
 | Parameter         |     Type       |  Description                                                             | Legal Values                  |  Default |
 | :---------------- |:---------------| :----------------------------------------------------------------------- | :---------------------------  | :-- |
 | *source*          | property:string |Windows event logs                                                       | Application,System,Security |     |
-| *binaryFormat*    | property:string |Format of the "Data" binary field.                                       | ASC,HEX,PRINT               | ASC |
-| *msgErrorMode*    | property:string |Behavior when event messages or event category names cannot be resolved. |NULL,ERROR,MSG               | MSG |
-| *direction*       | property:string |Format of the "Data" binary field.                                       | FW,BW                        | FW  |
-| *stringsSep*      | property:string |Separator between values of the "Strings" field.                         | any string                    | \| |
-| *fullEventCode*   | property:bool   |Return the full event ID code instead of the friendly code.              | true,false                   | false |
-| *fullText*        | property:bool   |Retrieve the full text message                                           | true,false                   | true |
-| *resolveSIDS*     | property:bool   |Resolve SID values into full account names                               | true,false                   | true |
-| *formatMsg*       | property:bool   |Format the text message as a single line.                                | true,false                   | true |
+| *binaryFormat*    | property:string |Format of the "Data" binary field.                                       | ASC,HEX,PRINT               | **ASC** |
+| *msgErrorMode*    | property:string |Behavior when event messages or event category names cannot be resolved. |NULL,ERROR,MSG               | **MSG** |
+| *direction*       | property:string |Format of the "Data" binary field.                                       | FW,BW                        | **FW**  |
+| *stringsSep*      | property:string |Separator between values of the "Strings" field.                         | any string                    | | |
+| *fullEventCode*   | property:bool   |Return the full event ID code instead of the friendly code.              | true,false                   | **false** |
+| *fullText*        | property:bool   |Retrieve the full text message                                           | true,false                   | **true** |
+| *resolveSIDS*     | property:bool   |Resolve SID values into full account names                               | true,false                   | **true** |
+| *formatMsg*       | property:bool   |Format the text message as a single line.                                | true,false                   | **true** |
+```
+{
+    "TimberWinR": {
+        "Inputs": {
+            "WindowsEvents": [
+                {
+                    "source": "System,Application",
+                    "binaryFormat": "PRINT",
+                    "resolveSIDS": true
+                }
+            ]
+		}
+	}
+}
+```