Hello-
What is the best way to deal with getting logs for someone attacking my
box? I am not really sure, but I think it may involve tcpdump. Is
there any way to implement this so that it can be running before an
attack happens? See, the problem is that I do not have physical
access to the box, and if it is taken down (inaccessible by remote means),
I cannot log in to start a dump. What can I do in this case, or what
are my options, if I want to have the network connections dumped somehow
with no intervention? Is that a tall order?
Thanks,
Bob
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security