This configuration parameter specifies the commands that can be executed using a secure shell (ssh) connection without being audited. You can use this parameter to prevent the auditing service from capturing unwanted session information. For example, by setting this parameter, you can avoid recording all of the binary data sent to and from the server when you execute file transfer commands such as rsync, sftp, or scp through a secure shell connection. By default, the parameter is configured to skip auditing for the rsync, sftp and scp commands, which are the most commonly used file transfer programs.
You can add programs to the list or remove the default programs if you don’t want to skip auditing for these sessions. If you remove file transfer programs from the list, however, long data streams might cause problems when transferred to collector service.
For example, to skip auditing for ftp, rsync, sftp, scp, and wget commands:
dash.ssh.command.skiplist: ftp rsync sftp scp wget