Date: Fri, 10 Dec 2004 19:01:59 -0500
From: Bob Ababurko <ababurko@adelphia.net>
To: freebsd-security@freebsd.org
Subject: need some advice on connections logs
Message-ID: <41BA38F7.6020409@adelphia.net>

Hello-

What is the best way to deal with getting logs for someone attacking my box? I am not really sure, but I think it may involve tcpdump. Is there any way to implement this so that it can be running before an attack happens? See, the problem is that I do not have physical access to the box, and if it is taken down (inaccessible by remote means), I cannot log in to start a dump. What can I do in this case, or what are my options, if I want to have the network connections dumped somehow with no intervention? Is that a tall order?

Thanks,
Bob