Solved: Forward to indexer all except from particular path

Wojt3k · ‎08-13-2021

Hello,

I would like to exclude just one user from forwarding logs and I am thinking if my solution will work:

in inputs.conf I would like to define:

[monitor:///home/nessus/.bash_history]
disabled = true

[monitor:///home/*/.bash_history]
disabled = false

The goal is to exclude logging data from user nessus but to log everybody else.

I am not sure if it's a good solution, maybe someone has better idea?

manjunathmeti · ‎08-13-2021

You can use deny list.

[monitor:///home/*/.bash_history]
blacklist=nessus

m_pham · ‎08-16-2021

Check out the solution provided here:

In your case, it would be:

blacklist = \/nessus\/

Reference:

manjunathmeti · ‎08-13-2021

You can use deny list.

[monitor:///home/*/.bash_history]
blacklist=nessus

Forward to indexer all except from particular path