Encrypt Your Log Files
Another very useful technique for log protection is to encrypt the log files. When attackers try to edit the files, they will not be able to alter them meaningfully without the encryption key. The attacker's only option will be to delete the log file, a very noticeable action. To encrypt log files, a so-called secure syslog tool can be used, such as Core Labs' tool at http://www.core-sdi.com/english/freesoft.html. Of course, syslogging to a separate logging server can be combined with this log encryption technique to even further protect the system logs.