From fe01e26df7b0d37042fa72438f5f0c6310ac625e Mon Sep 17 00:00:00 2001 From: Eric Fontana Date: Tue, 29 Jul 2014 13:34:52 -0400 Subject: [PATCH] md --- README.md | 43 ++++++++++++++++++++++--------------------- WindowsEvents.md | 1 + 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index b422f6a..6456b88 100644 --- a/README.md +++ b/README.md @@ -17,28 +17,29 @@ the data from LogParser and ships it to Logstash via Redis. ## Sample Configuration TimberWinR reads a JSON configuration file, an example file is shown here: - - { - "TimberWinR": { - "Inputs": { - "WindowsEvents": [ - { - "source": "System,Application", - "binaryFormat": "PRINT", - "resolveSIDS": true - } - ] - }, - "Outputs": { - "Redis": [ - { - "host": [ - "server1.host.com" - ] - } - ] - } +```json +{ +"TimberWinR": { + "Inputs": { + "WindowsEvents": [ + { + "source": "System,Application", + "binaryFormat": "PRINT", + "resolveSIDS": true + } + ] + }, + "Outputs": { + "Redis": [ + { + "host": [ + "server1.host.com" + ] + } + ] } +} +``` This configuration collects Events from the Windows Event Logs (System, Application) and forwards them to Redis. diff --git a/WindowsEvents.md b/WindowsEvents.md index 402ec61..d40216e 100644 --- a/WindowsEvents.md +++ b/WindowsEvents.md @@ -15,6 +15,7 @@ The following parameters are allowed when configuring WindowsEvents. | *fullText* | property:bool |Retrieve the full text message | true,false | **true** | | *resolveSIDS* | property:bool |Resolve SID values into full account names | true,false | **true** | | *formatMsg* | property:bool |Format the text message as a single line. | true,false | **true** | +Example Input: ```json { "TimberWinR": {
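Review bot: The JSON example in the README.md hunk does not parse. Counting the added lines together with the one retained context line ` }`, six `{` are opened (the root object, `"TimberWinR"`, `"Inputs"`, the `WindowsEvents` item, `"Outputs"`, the `Redis` item) but only five `}` follow, so the root object is still open when the closing fence is reached. Because the block is now tagged `json` and introduced as an example file, a reader who copies it gets a configuration that fails to load. Add one more `+}` line before the closing fence, and consider replacing the whole block in one piece instead of keeping the old ` }` as context, so that all the closing braces are re-indented together with the body.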
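Review bot: In the WindowsEvents.md hunk, `+Example Input:` lands directly between the last table row (`| *formatMsg* | property:bool | ...`) and the opening `json` fence, with no blank line on either side: the six old lines of the hunk are the three table rows and the three lines starting the fenced block. GitHub-flavored Markdown ends a table only at a blank line or at the start of another block-level element, so this line is likely to render as an extra one-cell row of the parameter table instead of a caption for the example. Put a blank line before and after `Example Input:`.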