One thing you can do for the future is to setup syslog to save log files to another machine do you have another machine you can use for logging? this will help when keeping the log files from being tampered with or deleted entirely also you should probably setup an IDS (intrusion detection system) something like SNORT is very good this can be used to detect any attack attempts that may occur.