Need help with checking if my router was compromised

This morning while looking at my LEDE home router syslog, I saw several attempts of logging into the router with ssh from the internet. The problem is, I was sure I configured the router to only let lan access ssh, which was not apparently the case until recently (probably because I changed something in the firewall last week).

Everything is now fixed and no one can access it from the internet. I am now worried that maybe someone got access to my router within that one week period and did, lets say, some malicious things on it. Because I thought only lan could ssh into it, root login was enabled with a not super strong password. I am trying to see if someone was able to login successful, but all commands (like last) or files (auth.log) that I check are not present on LEDE.

Right now, I am not trusting that router and it is temporally replaced with an old router I have. I hope someone could help me know if someone acessed the router, and if I should and how to reset LEDE .

Just reflash the whole thing.
Problem solved.

P.S. You can also check file change dates to make sure none of the config was modified.

Not very reliable, since metadata can be changed if an attacker wants to do that. I would reflash the thing just to be on the safe side.

Yes, I'm aware but that's the first thing you can do if you don't know what to do.

Sorry for taking a long time to respond. I did like you two said: I reflashed LEDE. I find it a bit weird that there is no way to track logins on LEDE (or OpenWRT). I'm I the only one who thinks this could be convenient and probably would not take too much ressources?