From de5b4fa896ff7ecfbe79844a0aeea87f69cb335c Mon Sep 17 00:00:00 2001
From: Eric Fontana
Date: Tue, 29 Jul 2014 13:20:30 -0400
Subject: [PATCH] Updated docs Fixed timestamp to correct ISO format
---
 TimberWinR.sln | 1 +
 TimberWinR/Inputs/InputListener.cs | 2 +-
 WindowsEvents.md | 27 ++++++++++++---------------
 3 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/TimberWinR.sln b/TimberWinR.sln
index fd2c5fc..fe6fd3f 100644
--- a/TimberWinR.sln
+++ b/TimberWinR.sln
@@ -19,6 +19,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 LICENSE.txt = LICENSE.txt
 Package.nuspec = Package.nuspec
 README.md = README.md
+ WindowsEvents.md = WindowsEvents.md
 EndProjectSection
 EndProject
 Global
diff --git a/TimberWinR/Inputs/InputListener.cs b/TimberWinR/Inputs/InputListener.cs
index 5f4a4e9..39fa6d1 100644
--- a/TimberWinR/Inputs/InputListener.cs
+++ b/TimberWinR/Inputs/InputListener.cs
@@ -77,7 +77,7 @@ namespace TimberWinR.Inputs
 json.Add(new JProperty("@version", 1));
 if (json["@timestamp"] == null)
- json.Add(new JProperty("@timestamp", DateTime.UtcNow));
+ json.Add(new JProperty("@timestamp", DateTime.UtcNow.ToString("o")));
 }
 protected void ProcessJson(JObject json)
diff --git a/WindowsEvents.md b/WindowsEvents.md
index 62a7fd8..4abada7 100644
--- a/WindowsEvents.md
+++ b/WindowsEvents.md
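Review bot: The guard on the line above the changed one only catches an absent key, so an input record that carries `"@timestamp": null` (a JValue of type Null, not a C# null) or a timestamp in some non-ISO string form is passed through untouched, and the new `ToString("o")` formatting only applies to records that had no timestamp at all. If downstream consumers are meant to rely on a uniform ISO 8601 `@timestamp`, the check could become `if (json["@timestamp"] == null || json["@timestamp"].Type == JTokenType.Null)`; whether to normalise a caller-supplied timestamp is a separate decision worth recording. A short why-comment on the new line would also help the next reader, e.g. `// "o" emits the trailing Z only because UtcNow has Kind == Utc; keep this UTC`. The enclosing method starts before this hunk.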
@@ -2,19 +2,16 @@ # Input: WindowsEvents
 ## Parameters
+The following parameters are allowed when configuring WindowsEvents.
- - **source** [Property]
-`"source": "Application,System"`
-> event_log[, event_log]
->-Names of Event Logs("System", "Application","Security" or a custom event log)
- - binaryFormat
- - msgErrorMode
- - direction
- - stringsSep
- - fullEventCode
- - fullText
- - resolveSIDS
- - fields
- - formatMsg
- -> Written with [StackEdit](https://stackedit.io/).
\ No newline at end of file
+| Parameter | Type | Description | Legal Values | Default |
+| :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
+| *source* | property:string |Windows event logs | Application, System, Security | |
+| *binaryFormat* | property:string |Format of the "Data" binary field. | ASC\|HEX\|PRINT | ASC |
+| *msgErrorMode* | property:string |Behavior when event messages or event category names cannot be resolved. |NULL\|ERROR\|MSG | MSG |
+| *direction* | property:string |Format of the "Data" binary field. | FW\|BW | FW |
+| *stringsSep* | property:string |Separator between values of the "Strings" field. | any string | \| |
+| *fullEventCode* | property:bool |Return the full event ID code instead of the friendly code. | true\|false | false |
+| *fullText* | property:bool |Retrieve the full text message | true\|false | true |
+| *resolveSIDS* | property:bool |Resolve SID values into full account names | true\|false | true |
+| *formatMsg* | property:bool |Format the text message as a single line. | true\|false | true |
\ No newline at end of file