I managed to capture a botnet control host, what do I do with it?

If you want it analysed for business reasons then you need to find an appropriately skilled forensic incident response consultant (excuse the jargon: 'A log analysis guy'). These generally cost money, lots of it.

Bear in mind though that most botnet deployments aren't targeted and are very widespread. There probably isn't much to learn about it that isn't already well-known and which affects everyone else. Groups that deal with advanced threats won't be terribly interested in this sort of thing, but you might have luck with an AV vendor. Symantec, Sophos, etc sometimes like to collate this kind of data for their glossy white papers.

The most interesting logs are going to be the ones just before the suspicious traffic starts when the botnet actually exploits the system, since that will allow you to do a post-mortem on the attack. However I'm going to use my amazing psychic abilities to assert that something wasn't appropriately patched and that's how the bot got in.

Addendum: For the love of the Gods don't just give access to your systems (or sensitive data on your systems) to some random person on this site.


Contact the FBI, or whoever has jurisdiction over this sort of computer crime where you live. What's being done on your system is a pretty serious crime, and in many places, knowingly failing to report a crime is itself a crime. The last thing you want is for the innocent victims (yourself and your client who you're hosting) to be exposed to legal liability.


First thing would be to report it to incident response team in your organisation or the relevant security team.

Secondly, you can check the web server logs. This will give you vast clues about who was accessing it and what web requests were made (showing URL paths).

If you want to capture live data, use packet analyzer/sniffer utilities such as tcpdump or ethereal and listen on the relevant interface. After that use filters to see the source/destination and it should tell you all communication happening between the remote malicious server and yours.
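A concrete way to do the web server log check from this answer, focused on the slice the first answer calls most interesting (the requests just before the suspicious traffic started). This is an added example, not code from any of the posters; the log lines are constructed in Apache/nginx combined format, the cut-off timestamp and 15-minute window are assumptions, and the "POST with a 200 into an uploads directory" heuristic is one analyst rule of thumb, not the only thing worth looking for.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined format); not from the original post.
# Three clients, one of which POSTs into a directory that should only hold static uploads.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-content/uploads/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:57:03 +0000] "POST /wp-content/uploads/cache.php HTTP/1.1" 200 14 "-" "python-requests/2.31"
198.51.100.23 - - [10/Oct/2023:13:57:05 +0000] "POST /wp-content/uploads/cache.php HTTP/1.1" 200 14 "-" "python-requests/2.31"
192.0.2.5 - - [10/Oct/2023:12:10:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # e.g. 10/Oct/2023:13:55:12 +0000

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def requests_before(log_text, first_bad_traffic, window_minutes=15):
    """Requests grouped by client IP, limited to the window before the suspicious
    outbound traffic was first seen (first_bad_traffic is a timestamp in TS_FMT)."""
    end = datetime.strptime(first_bad_traffic, TS_FMT)
    start = end - timedelta(minutes=window_minutes)
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and start <= rec["ts"] <= end:
            by_client[rec["ip"]].append((rec["method"], rec["path"], rec["status"], rec["ua"]))
    return dict(by_client)

def writes_to_upload_dirs(by_client):
    """Clients with a successful POST to a path under /uploads/ (assumed heuristic:
    those directories should receive files, not execute scripts). Review them first."""
    return sorted(ip for ip, reqs in by_client.items()
                  if any(m == "POST" and "/uploads/" in p and s == "200" for m, p, s, _ in reqs))

if __name__ == "__main__":
    window = requests_before(SAMPLE_LOG, "10/Oct/2023:14:00:00 +0000")
    print({ip: [p for _, p, _, _ in reqs] for ip, reqs in window.items()})
    print("clients to review first:", writes_to_upload_dirs(window))
```

Point it at your real access log and the time the packet capture first showed the outbound connections; the per-client path list is what you hand to whoever does the post-mortem.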
