I would like to exclude just one user from forwarding logs and I am thinking if my solution will work:
in inputs.conf I would like to define:
[monitor:///home/nessus/.bash_history]disabled = true
[monitor:///home/*/.bash_history]disabled = false
The goal is to exclude logging data from user nessus but to log everybody else.
I am not sure if it's a good solution, maybe someone has better idea?
You can use deny list.
View solution in original post
Check out the solution provided here:
In your case, it would be:
blacklist = \/nessus\/