Deployment Architecture

Forward to indexer all except from particular path

Wojt3k
Engager

Hello,

I would like to exclude just one user from forwarding logs and I am thinking if my solution will work:

in inputs.conf I would like to define:

[monitor:///home/nessus/.bash_history]
disabled = true

[monitor:///home/*/.bash_history]
disabled = false

The goal is to exclude logging data from user nessus but to log everybody else.

I am not sure if it's a good solution, maybe someone has better idea? 

Labels (2)
0 Karma
1 Solution

manjunathmeti
SplunkTrust
SplunkTrust

hi @Wojt3k,

You can use deny list.

[monitor:///home/*/.bash_history]
blacklist=nessus

View solution in original post

0 Karma

m_pham
Splunk Employee
Splunk Employee
0 Karma

manjunathmeti
SplunkTrust
SplunkTrust

hi @Wojt3k,

You can use deny list.

[monitor:///home/*/.bash_history]
blacklist=nessus
0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>