irt-back is a python application that uses the libvirt API to safely shutdown, gzip, and restart guests.

The backup process logs to syslog for auditing and virt-back works great with cron for scheduling outages. Virt-back is in active development so feel free to give suggestions or branch the source.

virt-back has been placed in the public domain and the latest version may be downloaded here: https://bitbucket.org/russellballestrini/virt-back
Installation:

Le FRench SysAdmins Group (FRsAG) est un groupe d'échange d'informations, de techniques, de conseils entre administrateurs systèmes et architectes techniques francophones.

A thread on the Ubuntu-devel-discuss mailing list last month asked about how to find out what processes are making outgoing network connectsion on a Linux machine. It referenced Ubuntu bug 820895: Log File Viewer does not log "Process Name", which is specific to Ubuntu's iptables logging of apps that are already blocked in iptables ... but the question goes deeper.

Several years ago, my job required me to use a program -- never mind which one -- from a prominent closed-source company. This program was doing various annoying things in addition to its primary task -- operations that got around the window manager and left artifacts all over my screen, operations that potentially opened files other than the ones I asked it to open -- but in addition, I noticed that when I ran the program, the lights on the DSL modem started going crazy. It looked like the program was making network connections, when it had no reason to do that. Was it really doing that?

Backup: MBR: dd if=/dev/hda of=backup-hda.mbr count=1 bs=512 Extended partitions: sfdisk -d /dev/hda > backup-hda.sf Recover: dd if=backup-hda.mbr of=/dev/hda sfdisk /dev/hda < backup-hda.sf