This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Catalina.out is simply the intermingled System.out and System.err streams from Tomcat. Ideally, there would be very little that needs encrypting in them, since they shouldn't be carrying app-specific log information, just a small amount of info relating to the operation of the server itself. That's of course, if your apps do civilized logging and don't just dump stuff out to System.out.
Depending on what OS you're running on, you could encrypt the stdout/stderr streams by piping them to an encryption program before writing them to disk. However the downside of that is that if the server crashes and the pipeline breaks, the encryption process may lose data in transit, and that may include critical messages about why the server crashed.
Customer surveys are for companies who didn't pay proper attention to begin with.