TerribleDev/TimberWinR
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

md

Browse Source
This commit is contained in:
Eric Fontana
2014-07-29 13:34:52 -04:00
parent a6f1c48b3f
commit fe01e26df7
2 changed files with 23 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
README.md
View File

@@ -17,28 +17,29 @@ the data from LogParser and ships it to Logstash via Redis.
## Sample Configuration
TimberWinR reads a JSON configuration file, an example file is shown here:
{
"TimberWinR": {
"Inputs": {
"WindowsEvents": [
{
"source": "System,Application",
"binaryFormat": "PRINT",
"resolveSIDS": true
}
]
},
"Outputs": {
"Redis": [
{
"host": [
"server1.host.com"
]
}
]
}
```json
{
"TimberWinR": {
"Inputs": {
"WindowsEvents": [
{
"source": "System,Application",
"binaryFormat": "PRINT",
"resolveSIDS": true
}
]
},
"Outputs": {
"Redis": [
{
"host": [
"server1.host.com"
]
}
]
}
}
```
This configuration collects Events from the Windows Event Logs (System, Application) and forwards them
to Redis.

1
WindowsEvents.md
View File

@@ -15,6 +15,7 @@ The following parameters are allowed when configuring WindowsEvents.
| *fullText* | property:bool |Retrieve the full text message | true,false | **true** |
| *resolveSIDS* | property:bool |Resolve SID values into full account names | true,false | **true** |
| *formatMsg* | property:bool |Format the text message as a single line. | true,false | **true** |
Example Input:
```json
{
"TimberWinR": {