***Question: why is /var/log/messages not forwarded to index?***
My deployment:
----------
UF: version 7.1.2 RHEL 6.10
**/opt/splunkforwarder/etc/apps/_server_app_linux-server/local/inputs.conf**

```ini
[monitor:///var/log]
disabled = false
index = linuxlog
sourcetype = syslog
```
**etc/apps/_server_app_linux-server/local/app.conf**

```ini
# Autogenerated file
[install]
state = enabled
```
**splunk list monitor**

```
Monitored Directories:
...
/var/log
...
/var/log/messages
/var/log/messages-20180805
/var/log/messages-20180812
/var/log/messages-20180819
/var/log/messages-20180826
```
**ll /var/log/messages**

```
-rw-r-----+ 1 root root 1160093 Aug 30 12:07 /var/log/messages
-rw------- 1 root root 653 Aug 5 02:37 /var/log/messages-20180805
-rw------- 1 root root 580 Aug 12 02:05 /var/log/messages-20180812
-rw------- 1 root root 19310 Aug 19 02:42 /var/log/messages-20180819
-rw------- 1 root root 728770 Aug 26 02:05 /var/log/messages-20180826
```
----------
Deployment server version 7.1.2 CentOS 7.5.1804
----------
Search head version 7.1.2 CentOS 7.5.1804
**search:** `index="linuxlog" source="/var/log/messa*"`
***there is no "/var/log/messages" in sources!***
![alt text][1]
[1]: /storage/temp/255880-splunk-uf-messages-forward-01.png
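One check worth running on the forwarder host, added here as an example that is neither part of the question nor Splunk's own code: a forwarder can only index files its own account can open, and the listing above shows /var/log/messages as 0640 root:root with an ACL attached (the `+`) and the rotated copies as 0600 root:root. The script walks a monitored path and reports every regular file a given account cannot read from mode bits and ownership alone, flagging files that carry an ACL so `getfacl` can be consulted; the account name `splunk` is an assumption.

```python
import grp
import os
import pwd
import stat
import sys


def user_ids(user):
    """Resolve an account name (the assumed 'splunk') to (uid, set of all its gids)."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}


def can_read_as(path, uid, gids):
    """Owner/group/other read check from mode bits and ownership; uid 0 reads anything."""
    if uid == 0:
        return True
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in set(gids):
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def has_acl(path):
    """True when a POSIX ACL is attached (the '+' in ls -l): mode bits may then undercount access."""
    try:
        return "system.posix_acl_access" in os.listxattr(path)
    except (OSError, AttributeError):  # xattrs unsupported, or not Linux
        return False


def unreadable_files(root, uid, gids):
    """Walk root as [monitor:///var/log] would; return (path, reason) for regular files
    the account cannot open, flagging files whose ACL must be checked with getfacl."""
    gids, found = set(gids), []
    for dirpath, _, names in os.walk(root):  # subdirectories we cannot list are skipped silently
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if not can_read_as(path, uid, gids):
                found.append((path, "ACL present, verify with getfacl" if has_acl(path) else "mode/owner deny read"))
    return found


if __name__ == "__main__":  # usage: script.py [account] [monitored path]
    account = sys.argv[1] if len(sys.argv) > 1 else "splunk"  # assumed service account name
    uid, gids = user_ids(account)
    for path, why in unreadable_files(sys.argv[2] if len(sys.argv) > 2 else "/var/log", uid, gids):
        print(f"{path}: {why}")
```

Run it as root on the forwarder so every directory can be listed; an empty result means ownership and mode bits are not what keeps the file out of the index.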