Commit 83a9a8a

Update README.md (#43)
add extra comment to snare output and common problem with nxlog input; correct typo "transparent"
1 parent 64b2379 commit 83a9a8a

1 file changed (+5 -1 lines changed)

README.md

Lines changed: 5 additions & 1 deletion
@@ -68,7 +68,7 @@ Example:
6868
<14>1 2016-03-31T19:19:02.524Z graylog unknown - nginx [all@0 request_verb="GET" remote_addr="192.168.1.37" response_status="404" from_nginx="true" level="6" connection_requests="1" http_version="1.1" response_bytes="1906" source="nginx" message="GET /test1/x HTTP/1.1" gl2_source_input="566c96abe4b094dfbc2661a8" version="1.1" nginx_access="true" http_user_agent="Wget/1.15 (linux-gnu)" remote_user="-" connection_id="970" http_referer="-" request_path="/test1/x" gl2_source_node="bebd092c-85d7-49a3-8188-f7af734747fb" _id="6d833da0-f775-11e5-b30c-0800276c97db" millis="0.002" facility="runit-service" timestamp="2016-03-31T19:19:02.000Z"] source: nginx | message: GET /test1/x HTTP/1.1 { request_verb: GET | remote_addr: 192.168.1.37 | response_status: 404 | from_nginx: true | level: 6 | connection_requests: 1 | http_version: 1.1 | response_bytes: 1906 | gl2_source_input: 566c96abe4b094dfbc2661a8 | version: 1.1 | nginx_access: true | http_user_agent: Wget/1.15 (linux-gnu) | remote_user: - | connection_id: 970 | http_referer: - | request_path: /test1/x | gl2_source_node: bebd092c-85d7-49a3-8188-f7af734747fb | _id: 6d833da0-f775-11e5-b30c-0800276c97db | millis: 0.002 | facility: runit-service | timestamp: 2016-03-31T19:19:02.000Z }
6969
```
7070

71-
### trasparent
71+
### transparent
7272

7373
A variation of plain sender which tries to keep facility and source from fields, resulting in having a passthrough effect with Graylog Syslog input.
7474
If configured, can omit header if your message already contains header.
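
Review bot: The heading rename at line 71 ("### trasparent" to "### transparent") also changes the anchor that Markdown renderers generate for this section, so any link to #trasparent elsewhere in the README or in external docs will stop resolving; search for the old spelling and update those references in the same commit. If the sender type is selected by this name in the plugin configuration, confirm that the spelling there matches the corrected heading, so the README does not document a value users cannot select.
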
@@ -88,6 +88,10 @@ echo "<86>_sourcehost_ messagetext86" | nc -v -w 0 localhost 1514
8888
### snare
8989

9090
Re-build a snare log format of windows event in stream.
91+
Note : snare output use message field rather than full_message.
92+
If your message field is truncated and you are using Nxlog, check https://nxlog.co/documentation/nxlog-user-guide/xm_gelf.html and short_message field and adjust to your size needs
93+
This optional directive can be used to specify the length of the short_message field for the GELF output writers. This defaults to 64 if the directive is not explicitly specified.
94+
9195
Example:
9296

9397
```
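
Review bot: Added lines 91 to 93 sit on consecutive lines with no blank line between them, so Markdown will render them as one run-on paragraph, and line 93 ("This optional directive can be used to specify...") reads as text pasted from the NXLog page without naming the directive it describes. Separate the three sentences, name the xm_gelf directive, mark that sentence as a quotation from the linked guide, and turn the bare URL on line 92 into a Markdown link. Line 91 would read better as "Note: snare output uses the message field rather than full_message." It is also worth stating the consequence plainly: with the 64-character default mentioned on line 93, Windows event text forwarded through this output can be cut short before it reaches the downstream collector.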