If it is a remote syslog server, would that decrease the chances the session being interrupted since it only has one task to do (excluding cron tasks like tripwire)? How would i be able to tell if a burner supports burning small amounts of data in real time slowly?
Logging remotely would increase my trust of the logs but only slightly. I would have at least syslog and ssh services that could be exploited which would make it fairly vulnerable. I'd have a hard time trusting any logs unless it was impossible for the entries to be deleted. If i can't trust logs relating to security they seem to be useless... or maybe i'm just paranoid
It might not be possbile now, but it should be. Its extremely important to have logs and its a common thing for hackers to edit them yet no ones working on creating a simple solution to prevent it. :/ I would but i don't know anything about how cdr's work