I am using UF 6.6.3.0 on my domain controller and following is my inputs.conf. The whitelisting part is not working I am seeing all event codes.
[WinEventLog://Security]
disabled = 0
start_from = newest
current_only = 1
evt_resolve_ad_obj = 0
checkpointInterval = 5
# only index events with these event IDs.
whitelist = 4723,4724,4740,4782
index = wineventlog
renderXml=false
↧