# Sample inputs.conf for sourcetypes supported by app [WinEventLog://Application] disabled = 1 start_from = oldest current_only = 0 checkpointInterval = 5 index = wineventlog renderXml=true [WinEventLog://Security] disabled = 1 start_from = oldest current_only = 0 evt_resolve_ad_obj = 1 checkpointInterval = 5 index = wineventlog renderXml=true [WinEventLog://System] disabled = 1 start_from = oldest current_only = 0 checkpointInterval = 5 index = wineventlog renderXml=true [monitor://$WINDIR\System32\DHCP] disabled = 0 whitelist = DhcpSrvLog* crcSalt = sourcetype = DhcpSrvLog index = windows [monitor://$WINDIR\WindowsUpdate.log] disabled = 0 sourcetype = WindowsUpdateLog index = windows [script://.\bin\win_installed_apps.bat] disabled = 0 index = windows sourcetype = Script:InstalledApps interval = 600 [script://.\bin\win_listening_ports.bat] disabled = 0 index = windows sourcetype = Script:ListeningPorts interval = 3600 [script://.\bin\win_timesync_configuration.bat] disabled = 0 index = windows sourcetype = Script:TimesyncConfiguration [script://.\bin\win_timesync_status.bat] disabled = 0 index = windows sourcetype = Script:TimesyncStatus [perfmon://CPUTime] disabled = 0 index = perfmon interval = 600 [perfmon://CPU] disabled = 0 index = perfmon interval = 600 [perfmon://FreeDiskSpace] disabled = 0 index = perfmon interval = 600 [perfmon://Memory] disabled = 0 index = perfmon interval = 600 [perfmon://LocalNetwork] disabled = 0 index = perfmon interval = 600 [perfmon://LogicalDisk] counters = * disabled = 0 instances = * interval = 10 object = LogicalDisk index = perfmon [perfmon://Process] counters = * disabled = 0 instances = * interval = 10 object = Process index = perfmon [perfmon://System] counters = * disabled = 0 instances = * interval = 10 object = System index = perfmon [WinHostMon://os] type = operatingSystem interval = 86400 index = windows [WinHostMon://disk] type = disk interval = 86400 index = windows [WinHostMon://network] type = networkAdapter interval = 86400 index = windows [WinHostMon://service] type = service interval = 300 index = windows [WinHostMon://process] type = process interval = 300 index = windows