Timestamp enabled

Readme.md

@@ -2,6 +2,28 @@
 
 ## How To
 
+### Setup
+
+
+1. Enable the custom logging template on `/etc/rsyslog.conf` as follows.
+
+    ```
+    template(name="MyIptablesTimestampFormat" type="string" string="tstamp=%timegenerated:::date-rfc3339% %HOSTNAME% %syslogtag% %msg%\n")
+    if $msg startswith 'iptables:' then {
+        action(type="omfile" file="/var/log/iptables.log" template="MyIptablesTimestampFormat")
+        stop
+    }
+    ```
+2. Make sure your iptables rules are inline with the condition you use on `rsyslog.conf`. As example my iptables log file starts with `iptables:` string so my `rsyslog.conf` condition is `...startswith 'iptables:'...`.
+
+    ```
+    iptables -A FORWARD -s 10.30.1.94/32 -d 192.168.0.0/16 -m limit --limit 1/min -j LOG --log-prefix "iptables: Vsphere "
+    iptables -A FORWARD -s 10.30.1.70/32 -d 192.168.0.0/16 -m limit --limit 1/min -j LOG --log-prefix "iptables: RHEL "
+    iptables -A FORWARD -s 10.30.1.52/32 -d 192.168.0.0/16 -m limit --limit 1/min -j LOG --log-prefix "iptables: Odoo "
+    iptables -A FORWARD -s 10.30.1.105/32 -d 192.168.0.0/16 -m limit --limit 1/min -j LOG --log-prefix "iptables: OPNsense "
+    ```
+
+
 ### Build
 
 ```c=
@@ -28,7 +50,7 @@ Reads, iptables.log and calls the  `lib/parser_lib.so`. Feed the parser library
 Process the sed like operation on the line by line feeded by `wrapper.py`.
 
 Current parsed values are :
-
+- TimeStamp
 - Source IP
 - Destination IP
 - Packet Length