From 0cd471dfb22f9be12c9c7207faacde21479b1f58 Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Sun, 14 Aug 2022 12:11:31 -0700 Subject: [PATCH] doc update --- docs/parsers/syslog.md | 13 ++++++------- jc/parsers/syslog.py | 13 ++++++------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/docs/parsers/syslog.md b/docs/parsers/syslog.md index 1e9628dd..e03d791f 100644 --- a/docs/parsers/syslog.md +++ b/docs/parsers/syslog.md @@ -5,6 +5,9 @@ jc - JSON Convert Syslog RFC 5424 string parser +This parser accepts a single syslog line string or multiple syslog lines +separated by newlines. + The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on the local time of the system the parser is run on) @@ -13,16 +16,12 @@ is only available if the timezone field is UTC. Usage (cli): - $ syslogstring | jc --syslog - - or - - $ jc syslog-5424 + $ echo <165>1 2003-08-24T05:14:15.000003-07:00 192.0.2... | jc --syslog Usage (module): import jc - result = jc.parse('syslog', syslog_command_output) + result = jc.parse('syslog', syslog_string) Schema: Blank values converted to `null`/`None` @@ -97,7 +96,7 @@ Examples: "appname": "evntslog", "proc_id": null, "msg_id": "ID47", - "structured_data": "[exampleSDID@32473 iut=\"3\" eventSource=\...", + "structured_data": "[exampleSDID@32473 iut=\\"3\\" eventSource...", "message": "unauthorized attempt" } ] diff --git a/jc/parsers/syslog.py b/jc/parsers/syslog.py index 97b68cc2..4335cae7 100644 --- a/jc/parsers/syslog.py +++ b/jc/parsers/syslog.py @@ -1,5 +1,8 @@ """jc - JSON Convert Syslog RFC 5424 string parser +This parser accepts a single syslog line string or multiple syslog lines +separated by newlines. + The `timestamp_epoch` calculated timestamp field is naive. (i.e. based on the local time of the system the parser is run on) 
@@ -8,16 +11,12 @@ is only available if the timezone field is UTC. Usage (cli): - $ syslogstring | jc --syslog - - or - - $ jc syslog-5424 + $ echo <165>1 2003-08-24T05:14:15.000003-07:00 192.0.2... | jc --syslog Usage (module): import jc - result = jc.parse('syslog', syslog_command_output) + result = jc.parse('syslog', syslog_string) Schema: Blank values converted to `null`/`None` @@ -92,7 +91,7 @@ Examples: "appname": "evntslog", "proc_id": null, "msg_id": "ID47", - "structured_data": "[exampleSDID@32473 iut=\"3\" eventSource=\...", + "structured_data": "[exampleSDID@32473 iut=\\"3\\" eventSource...", "message": "unauthorized attempt" } ]
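Review bot: The new CLI usage line in the module docstring, `$ echo <165>1 2003-08-24T05:14:15.000003-07:00 192.0.2... | jc --syslog`, leaves the syslog PRI field unquoted, so a POSIX shell treats `<165` as an input redirection and `>1` as an output redirection instead of passing the text to `echo`. Pasted as written, it either fails on a missing file named `165` or writes to a file named `1` in the working directory, and `jc` never receives the sample line. Quoting the argument fixes it: `$ echo '<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2...' | jc --syslog`. The same line is added in the `docs/parsers/syslog.md` hunk and needs the same change. The docstring begins and continues outside this hunk.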