You might want to start with the logs;
messages,
secure,
syslog,
access_log,
error_log (those two from your Apache installation), possibly
mail,
cron and
NTP (if you log it). Probably not going to find much from a few weeks ago but it might be worth a shot. Look though any other logs you may have while you're at it.
A good tool to install for monitoring network traffic is
NTOP (
http://www.ntop.org/). 'Course that would be after the horse already left the barn but for the future, eh?
NTOP will show you graphically what's going on now (and what's been going on over time) that might point you in a direction.
If there's no records to look at and it only happened once and hasn't happened again, well, chalk it up to the ghosts in the machine -- but more likely a user being naughty or somebody trying to hack you, hopefully unsuccessfully.
Hope this helps some.