Getting Data In

Syslog

SakAch
Engager

I have been tasked with cleaning up the catchall directory in the syslog directory of our Heavy Forwarders. The path is /var/syslog/catchall/. I plan on grouping servers/directories based on the kind of logs being received. I just wanted to ask what kind of logs are usually expected to end up in this directory?

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Ideally, the catchall directory would be empty because the syslog server was configured to have a separate directory for each type of log data coming it.  The catchall directory is there for when someone stands up a new service that sends syslog data.  That unexpected kind of log would land in the catchall directory and, hopefully, alert the syslog admin to the need for additional configuration.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...