Forwarder not recursively indexing in 6.3. Works in 6.2.5. A bug?

I have multiple servers running a Splunk 6.2.5 universal forwarder and it is indexing recursively just fine from /var/log/... I just installed 6.3, using the exact same install script (very vanilla, nothing fancy), and it is not indexing anything other than /var/log/. Both are running RHEL 6.7. I tried adding 'recursive = true' but that had no effect. inputs.conf are identical on both: [monitor:///var/log] disabled = false index = main I also tried adding a second stanza: [monitor:///var/log/squid] disabled = false index = main recursive = true sourcetype = squid This is especially concerning since this is a proxy server (/var/log/squid/) and it's missing the most important stuff! I would go back to 6.2.5 but I just purged all my older sources... :-\ Am I missing something? thanx!