Hello everyone. I'm a newbie and this is my first post, and I'm hoping to get some help understanding what happened on my server. I did as much research as I could, but now I turn to the forums for help 
I've set up a VPS server and I "thought" I had good enough security on it, but all of a sudden I notice my /var/log/secure is empty and all the other syslog files, and rsyslogd stopped working (though I was able to restart it)... I'm wondering if this is sufficient security and what to do to prevent hackers: I've got a CentOS 5 box with iptables locking everything but ports 53,80,443 out. SSH is on a secret port using RSA/2048 encryption and public/private key login with root login not allowed. Password login also not allowed. Ports MySQL, SSH, and FTP only open with port knocker. I'm wondering if I've got weak settings and what to do about security. Also wondering if there's a way to know if I've been hacked, though I can't seem to find any traces of anything gone wrong, just empty log files. I checked that the conf for rsyslog is set to write authpriv.* to /var/log/secure.
I guess my biggest question is, did rsyslog just fail, and empty all my log files as a result? And is this configuration enough to be reasonably secure and what more can/should I be doing? Thank you for all your help!!
iptables info:
#what I type to start and not lock self out:
sudo iptables -P INPUT ACCEPT
sudo iptables -F
#local:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#http and https:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#dns:
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
#mail:
sudo iptables -A INPUT -p tcp --dport 25 -j ACCEPT
#dbs & sphinx:
sudo iptables -A INPUT -p tcp -s [DB SERVER IP] --dport 3306 -j ACCEPT
sudo iptables -A INPUT -p tcp -s [DB SERVER IP] --dport 9312 -j ACCEPT
sudo iptables -A INPUT -p tcp -s [DB SERVER IP] --dport 9306 -j ACCEPT
#block rest but allow outgoing
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
#knock settings (upon successful port knock sequence):
iptables -A INPUT -s %IP% -p tcp -m multiport --dports [SSL PORT],3306,9312,9306,21 -j ACCEPT
#and on close:
iptables -D INPUT -s %IP% -p tcp -m multiport --dports [SSL PORT],3306,9312,9306,21 -j ACCEPT