Try using advanced filtering. Create a second whitelist that filters based on EventCode and ComputerName. Set ComputerName to the name of the client that you want to log the event.
[WinEventLog://Security]
disabled = 0
index = default
whitelist=4618,4621,4624,4625,4634,4649,4675,4692,4693,4706,4719,4720,4722-4735,4737,4738,4740,4744-4762,4765-4766,4794,4897,4964,1102,4648,5038,6281
whitelist1=EventCode="2000" ComputerName="insert name of client here"
Or you could create a new app that contains whitelist1 for event code 2000, and only apply it to the single client.
[WinEventLog://Security]
whitelist1=EventCode="2000"
... View more