This is a bit of Catch 22 situation. If you are root, you can inspect the log files, but then no one else can have kicked you out. But if you are not root and someone can have kicked you out, you cannot inspect the log files.
At any rate, the log file to inspect is /var/log/auth.log, which will show who, if anyone, was logged in as root at the time of your kick-out.
The following command
grep -nrI "session closed for user YourName" /var/log
will provide a list of your disconnections, comprehensive of exact times and dates, which you can cross-relate with the presence/absence of every user on your system.
You may also inspect system log files like /var/log/dmesg and /var/log/syslog for events occurring around the time of your disconnections, to see whether your are dealing with bugs rather than mischief.
EDIT:
Sorry, I forgot you said RedHat.
Red Hat family distributions (including CentOS and Fedora) use /var/log/messages and /var/log/secure where Debian-family distributions use /var/log/syslog and /var/log/auth.log.