[CentOS] secure file not updating

Sat Dec 13 17:33:06 UTC 2008
Barry Brimer <lists at brimer.org>

>>> On my Centos 5 server, the secure file has not updated since Dec 10.
>>> This despite the fact that I run an sshd server that I access many
>>> times per day.  Most peculiar is the fact that a swatch monitor that I
>>> run on the secure file catches plenty of lines.  It is as if when
>>> swatch catches a line in the file, the line is removed from the file
>>> and the modification date is set back.  Hard to believe.  Any ideas?
>>
>> What is the output of "lsattr /var/log/secure"?  Do you have SELinux
>> enabled, and are there any corresponding lines in
>> /var/log/audit/audit.log?
>
> # lsattr /var/log/secure
> ------------- /var/log/secure
>
> selinux is disabled
>
> /var/log/audit/audit.log appears to have lines describing a login
> I did a few minutes ago, and its modification date is correct.
>
> # ls -l /var/log/secure
> -rw------- 1 root root 18950 Dec 10 12:38 /var/log/secure
>
> # date
> Sat Dec 13 09:42:36 EST 2008

Any unexpected syslog configuration?  Does a touch update the timestamp?