Getting Data In

Syslog

SakAch
Engager

I have been tasked with cleaning up the catchall directory in the syslog directory of our Heavy Forwarders. The path is /var/syslog/catchall/. I plan on grouping servers/directories based on the kind of logs being received. I just wanted to ask what kind of logs are usually expected to end up in this directory?

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Ideally, the catchall directory would be empty because the syslog server was configured to have a separate directory for each type of log data coming it.  The catchall directory is there for when someone stands up a new service that sends syslog data.  That unexpected kind of log would land in the catchall directory and, hopefully, alert the syslog admin to the need for additional configuration.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...