From 6b2bf0719324856a0bbacb9b47dea88a7b9199d1 Mon Sep 17 00:00:00 2001
From: nico
Date: Thu, 30 May 2019 02:18:45 +0200
Subject: readme update

* update README.md to the latest changes
---
 README.md | 37 ++++++++++++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 10d92d9..b11279a 100644
--- a/README.md
+++ b/README.md
@@ -14,25 +14,48 @@ pip install -r requirements.txt
 modules:
 mod_spam_filter:
 ...
- spam_dump_file: "/var/log/ejabberd/spam-example.de.txt"
+ spam_dump_file: "/var/log/ejabberd/spam-@HOST@.txt"
 ...
 ```

 ## usage main.py
 ```
-usage: main.py [-h] [-in INFILE] [-d DOMAIN]
+usage: main.py [-h] [-in INFILE [INFILE ...]] [-d DOMAIN] [-r]

 optional arguments:
 -h, --help show this help message and exit
- -in INFILE, --infile INFILE
+ -in INFILE [INFILE ...], --infile INFILE [INFILE ...]
 set path to input file
 -d DOMAIN, --domain DOMAIN
 specify report domain
+ -r, --report toggle report output to file
 ```

-The `--in` argument does only support a single log file at a time.
+#### -in / --infile
+The `--in` or `--infile` argument is designed to run automatically via the logrotate daemon. Therefor the script is
+able to process gzip compressed files and also multiple files at once via shell expansion.

-## usage abusereport-domain.sh
+##### example
+If ejabberd is configured to create multiple spamdump files it is possible to ingest all files at once, following
+this example.
 ```bash
-./abusereport-domain.sh domain.tld
-```
\ No newline at end of file
+$ ./main.py --in /var/log/ejabberd/spam-*.log
+```
+
+#### -d / --domain
+If a domain is specifically defined to be processed, the script will only query the sqlite database for that domain.
+It is possible to provide multiple domains at once via multiple `-d` or `--domain` arguments.
+
+##### example
+```bash
+$ ./main.py --d example.tld -d example.com
+
+| messages | bots | domain | first seen | last seen |
+|------------+--------+-------------+-----------------------------+-----------------------------|
+| 15 | 9 | example.tld | 2019-04-28T20:19:43.939926Z | 2019-05-22T13:59:53.339834Z |
+| 23 | 7 | example.com | 2018-02-28T20:19:43.939926Z | 2019-05-22T13:59:53.339834Z |
+```
+
+#### -r / --report
+This flag will only take effect if the `-d` or `--domain` argument is used. If that is the case, the script will
+automatically gather information about the specified domain and write them to the `report` directory.
-- 
cgit v1.2.3-18-g5258