Try running the 'last' command. If the dates don't go back far enough, point the last command at the compressed wtmp file (last -f /var/log/wtmp.1). The usual caveats about logs apply here: if someone has root, they can modify log files rather easily.
Looking at your log file, there appear to be several successful logins, including one that is in close proximity to a number of failed attempts. Do any of those successful logins correspond to times when the system should have been accessed?
This by itself is probably enough of a learning lesson, but the first rule of running any remote shell service is to never, ever allow root to log in directly... it's too easy to bruteforce. Along those lines, are the passwords used on this system reasonably secure (random alphanumeric, etc.) or were they fairly weak?
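The check suggested above (a successful login close to a run of failed attempts) can be automated. This is an added example, not part of the original post; it assumes the log uses the usual OpenSSH syslog line format, and the function name, thresholds, default year and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (assumption: an sshd auth log in syslog format;
# addresses are documentation ranges, not taken from the original post).
SAMPLE_LOG = """\
Mar  3 02:14:07 host sshd[4121]: Failed password for root from 203.0.113.45 port 40112 ssh2
Mar  3 02:14:11 host sshd[4123]: Failed password for root from 203.0.113.45 port 40130 ssh2
Mar  3 02:14:15 host sshd[4125]: Failed password for invalid user admin from 203.0.113.45 port 40151 ssh2
Mar  3 02:14:19 host sshd[4127]: Failed password for root from 203.0.113.45 port 40170 ssh2
Mar  3 02:14:24 host sshd[4129]: Accepted password for root from 203.0.113.45 port 40188 ssh2
Mar  3 09:01:52 host sshd[5210]: Failed password for alice from 198.51.100.7 port 51822 ssh2
Mar  3 09:02:03 host sshd[5212]: Accepted password for alice from 198.51.100.7 port 51830 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def suspicious_logins(log_text, year=2024, window_minutes=10, min_failures=3):
    """Return (time, user, ip, failure_count) for each accepted login that
    follows at least min_failures failed attempts from the same address
    within window_minutes. Syslog timestamps carry no year, so one is assumed."""
    window = timedelta(minutes=window_minutes)
    failures = {}  # source address -> timestamps of failed attempts
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password result line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures.setdefault(ip, []).append(ts)
            continue
        # Accepted login: count recent failures from the same source.
        recent = [t for t in failures.get(ip, []) if ts - t <= window]
        if len(recent) >= min_failures:
            hits.append((ts, m["user"], ip, len(recent)))
    return hits

if __name__ == "__main__":
    for ts, user, ip, n in suspicious_logins(SAMPLE_LOG):
        print(f"{ts} {user} from {ip}: accepted after {n} recent failures")
```

Any hit is a time to compare against the output of last, keeping in mind that both sources can be altered by someone with root.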