I would like to exclude just one user from forwarding logs and I am thinking if my solution will work:
in inputs.conf I would like to define:
disabled = true
disabled = false
The goal is to exclude logging data from user nessus but to log everybody else.
I am not sure if it's a good solution, maybe someone has better idea?
Check out the solution provided here:
In your case, it would be:
blacklist = \/nessus\/