The Journal - a proposed syslog replacement

Posted Nov 19, 2011 8:54 UTC (Sat) by PO8 (guest, #41661)
In reply to: The Journal - a proposed syslog replacement by nybble41
Parent article: The Journal - a proposed syslog replacement

Yeah, please excuse my skepticism of this proposal, coming from a group of people advocating a major security change that can't even get basic terminology right. Back in the day, BYTE Magazine used to run an annual April Fools ad for various kinds of write-only memory chips; they reportedly got lots of serious responses from folks interested in purchasing.

Note that just storing the recent hash isn't good enough: the attacker could simply write over it with the last hash on their reconstructed chain, using whatever mechanism the OS was using to write the store. The whole hash chain needs to be kept on the secure store, and append-only is the obvious way to do this. For an append-only store I'd suggest flash and a dedicated microcontroller; see my post above.

Note also that even in this scheme the defender has the sometimes-difficult burden of figuring out at what timestamp the attacker compromised the system, so that the defender can tell which log messages to ignore.

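The comment's point about storing only the most recent hash, worked through as an added example (not part of the original comment and not the Journal's code). It assumes SHA-256, an all-zero seed, and hypothetical names (`AppendOnlyStore`, `verify_head_only`, `first_divergence`); the log lines are constructed.

```python
import hashlib

def link(prev: bytes, entry: str) -> bytes:
    """One chain step: H(previous link || log entry)."""
    return hashlib.sha256(prev + entry.encode()).digest()

def chain(entries, seed=b"\x00" * 32):
    """Return every link of the hash chain over entries, in order."""
    links, prev = [], seed
    for e in entries:
        prev = link(prev, e)
        links.append(prev)
    return links

class AppendOnlyStore:
    """Model of the secure store: links can be added, never rewritten."""
    def __init__(self):
        self._links = []
    def append(self, l: bytes):
        self._links.append(l)
    def links(self):
        return tuple(self._links)

def verify_head_only(entries, stored_head: bytes) -> bool:
    """Check the log against a single stored hash that the OS can rewrite."""
    return chain(entries)[-1] == stored_head

def first_divergence(entries, store: AppendOnlyStore):
    """Index of the first entry whose link disagrees with the store, or None."""
    recomputed = chain(entries)
    for i, trusted in enumerate(store.links()):
        if i >= len(recomputed) or recomputed[i] != trusted:
            return i
    return None

def scenario():
    # Constructed sample log lines, not taken from any real system.
    log = ["sshd: accepted key for alice", "sudo: alice -> root",
           "useradd: new user 'svc2'", "cron: job started"]
    store = AppendOnlyStore()
    for l in chain(log):
        store.append(l)            # every link recorded as it was written
    # After compromise: one entry is dropped from history, the chain is
    # recomputed, and the writable "latest hash" is overwritten to match.
    forged = log[:2] + log[3:]
    mutable_head = chain(forged)[-1]
    return verify_head_only(forged, mutable_head), first_divergence(forged, store)
```

`scenario()` returns `(True, 2)`: the rewritten log passes the check against the overwritten latest hash, while comparison with the append-only links flags the first altered position.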

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds