Well... I was running a Linux box on RH 7.3 with Apache and Squid... main use of this box as a proxy server... ports 22, 80, 81, 443 were open... well, someone used the mod_ssl Apache hole to spawn a remote shell and probably the ptrace hole (by reverse ftp) to get root on the system... as soon as I discovered it, I closed the server for public access and now I want to analyse the server... but wait... he did another job... he pointed all the logs to /dev/null except for boot messages to /dev/console... now I have 3 questions...

1. How can I analyse the logs offline... i.e. I want to download the logs from that system (RH7.3) to another Mandrake (9.1) and want to analyse those... any tools?

2. What are the various log files that I need to copy offline?

3. Now when I boot into the box... after starting the network... both eth0 and eth1 (on the proxy server, the hacked one) go into promiscuous mode... now I am unable to access my proxy server using ssh... what is this mode... and how can I get both of my cards out of this mode?

Any help is highly appreciated and thx in advance...