Looks like a false alarm. Turns out syslogd crashed when /var/log/syslog reached 2.0 GB. So, no intruder, but I have another mystery. My syslog.3 file is filled with lines like this:
Nov 22 13:52:27 Nimitz inetd: /usr/sbin/famd: exit status 0x1
Nov 22 13:52:27 Nimitz inetd: execv /usr/sbin/famd: No such file or directory
Looks like dropline gnome strikes again. Dropline stopped working for me, so I did an uninstall, which borked my whole system. I should have just started over at that point, but instead I just used swaret to get X and KDE back. Now I'm regretting that again because fam was a dropline package, and the entry in /etc/inet.d remained after the uninstall.
This isn't what I'd call a production box. Just my home PC. It's protected by an IPCop firewall, so I'm pretty confident no one is getting in, but the missing log files really made me worried.
Thanks for your help.