The logfiles in question are the ones listed within the /etc/logrotate.d/syslog file.
The /etc/logrotate.d/syslog was altered by someone where the /var/log/cron entry was changed to /var/log/cron.log; which is being generated by the /etc/rsyslog.conf file (another deviation from standards, I know).
All of the targets listed in /etc/logrotate.d/syslog:
- /var/log/cron.log
- /var/log/message
- /var/log/maillog
- /var/log/spooler
- /var/log/secure
do exist, but when logrotate takes action, the files are merely deleted and a new one generated with the standard (cron.log is the exceptional) name.
There is no size directive in either the /etc/logrotate.d/syslog or the /etc/logrotate.conf files.
There is a rotate 8, meaning keep 8 backup/old files, listed in /etc/logrotate.conf.
The machine in question is in an AWS environment.
When I execute logrotate -d, to check debugging output I do not really see any issues, except that it won't rotate the logfiles spooler and maillog, because they are of zero length; no really a concern.
Any other suggestions of what I could try to change to look for a change in behavior, or where else to look for useful logging?