I have been tasked with cleaning up the catchall directory in the syslog directory of our Heavy Forwarders. The path is /var/syslog/catchall/. I plan on grouping servers/directories based on the kind of logs being received. I just wanted to ask what kind of logs are usually expected to end up in this directory?
Ideally, the catchall directory would be empty because the syslog server was configured to have a separate directory for each type of log data coming in. The catchall directory is there for when someone stands up a new service that sends syslog data. That unexpected kind of log would land in the catchall directory and, hopefully, alert the syslog admin to the need for additional configuration.
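
One way to take stock of what has landed in catchall before deciding how to group senders, added here as an example and not part of the original posts. It assumes a layout of `/var/syslog/catchall/<sender>/<file>` and RFC 3164-style lines; the function names, sender names and log lines are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter, defaultdict

# RFC 3164-style header: optional <PRI>, "Mmm dd hh:mm:ss", host, "tag[pid]:" or "tag:"
LINE_RE = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+(\S+)\s+"
    r"([^\s:\[]+)(?:\[\d+\])?:"
)

def inventory(root, max_lines=1000):
    """Return {sender: Counter({program_tag: line_count})} for files under root.

    Assumed layout: root/<sender>/<file>. Only the first max_lines of each file
    are sampled; lines without a recognisable header count as '(unparsed)'.
    """
    report = defaultdict(Counter)
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        sender = "(top level)" if rel == "." else rel.split(os.sep)[0]
        for name in files:
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                for i, line in enumerate(fh):
                    if i >= max_lines:
                        break
                    m = LINE_RE.match(line)
                    report[sender][m.group(2) if m else "(unparsed)"] += 1
    return dict(report)

def demo():
    """Build a constructed catchall tree in a temp dir and inventory it."""
    samples = {
        "fw01": "Mar  3 10:15:01 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10\n"
                "Mar  3 10:15:02 fw01 kernel: DROP IN=eth0 SRC=192.0.2.11\n"
                "Mar  3 10:15:04 fw01 sshd[2211]: Accepted publickey for admin\n",
        "app-new01": "<134>Mar  3 10:16:00 app-new01 newsvc[88]: started\n"
                     "not a syslog line\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for sender, text in samples.items():
            os.makedirs(os.path.join(root, sender))
            with open(os.path.join(root, sender, "messages.log"), "w") as fh:
                fh.write(text)
        return inventory(root)

if __name__ == "__main__":
    # Point inventory() at /var/syslog/catchall on a real forwarder instead.
    for sender, tags in sorted(demo().items()):
        print(sender, dict(tags))
```

Senders whose counts are dominated by one program tag are candidates for their own dedicated directory; a high `(unparsed)` count suggests a device that is not sending standard syslog headers.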