Updated docs

Fixed timestamp to correct ISO format
2014-07-29 13:20:30 -04:00
parent 1d2b3f6c48
commit de5b4fa896
3 changed files with 14 additions and 16 deletions
--- a/TimberWinR.sln
+++ b/TimberWinR.sln
@@ -19,6 +19,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		LICENSE.txt = LICENSE.txt
 		Package.nuspec = Package.nuspec
 		README.md = README.md
+		WindowsEvents.md = WindowsEvents.md
 	EndProjectSection
 EndProject
 Global
--- a/TimberWinR/Inputs/InputListener.cs
+++ b/TimberWinR/Inputs/InputListener.cs
@@ -77,7 +77,7 @@ namespace TimberWinR.Inputs
                json.Add(new JProperty("@version", 1));

            if (json["@timestamp"] == null)
-                json.Add(new JProperty("@timestamp", DateTime.UtcNow));
+                json.Add(new JProperty("@timestamp", DateTime.UtcNow.ToString("o")));
        }

        protected void ProcessJson(JObject json)
--- a/WindowsEvents.md
+++ b/WindowsEvents.md
@@ -2,19 +2,16 @@
 # Input: WindowsEvents

 ## Parameters
+The following parameters are allowed when configuring WindowsEvents.

- - **source** [Property]
-`"source": "Application,System"`
-> event_log[, event_log]
->-Names of Event Logs("System", "Application","Security" or a custom event log)
- - binaryFormat
- - msgErrorMode
- - direction
- - stringsSep
- - fullEventCode
- - fullText
- - resolveSIDS
- - fields
- - formatMsg
-
-> Written with [StackEdit](https://stackedit.io/).
+| Parameter         |     Type       |  Description                                                             | Legal Values                  |  Default |
+| :---------------- |:---------------| :----------------------------------------------------------------------- | :---------------------------  | :-- |
+| *source*          | property:string |Windows event logs                                                       | Application, System, Security |     |
+| *binaryFormat*    | property:string |Format of the "Data" binary field.                                       | ASC\|HEX\|PRINT               | ASC |
+| *msgErrorMode*    | property:string |Behavior when event messages or event category names cannot be resolved. |NULL\|ERROR\|MSG               | MSG |
+| *direction*       | property:string |Format of the "Data" binary field.                                       | FW\|BW                        | FW  |
+| *stringsSep*      | property:string |Separator between values of the "Strings" field.                         | any string                    | \| |
+| *fullEventCode*   | property:bool   |Return the full event ID code instead of the friendly code.              | true\|false                   | false |
+| *fullText*        | property:bool   |Retrieve the full text message                                           | true\|false                   | true |
+| *resolveSIDS*     | property:bool   |Resolve SID values into full account names                               | true\|false                   | true |
+| *formatMsg*       | property:bool   |Format the text message as a single line.                                | true\|false                   | true |