As i understood the first post showed an example of the intended format. I would just set the start= and stop= to the whatever the event time is and call it a day.
The intention of these requirements (by authorities) is to have a log of sessions made by users behind a (CG)NAT router.
So when they have some record of a TCP connect from 1.2.3.4:12345 to 4.5.6.7:443 at time X, they want to know which user behind the (CG)NAT router 1.2.3.4 made that connection.
For that, it is required to have the start and end time of that TCP session as seen by the router.
Contrary to what some people seem to think, these start and end times are actually well defined and known by the NAT subsystem of the router, at least for sessions that are successful and have been closed.
Where it goes wrong is the use of the logging feature of NAT rules. This triggers the log at the beginning of the session, and there is no corresponding log at the end.
That would be an additional feature: have some way for NAT rules to log at the time they get deleted. At that time, log the info that was requested including the start time (which would have to be recorded in the NAT entry all the time) and the end time (now).
RouterOS does not provide this. But RouterOS provides an alternative: Netflow. It has problems, e.g. it uses 32-bit values where 64-bit is required, but it does provide all the info that the authorities need.
But, as already written, you need an external system that receives the Netflow info and converts it to the format required.