> Somehow I doubt this will pose a problem to an attacker who is so stealthy
> he/she manipulates logs. Most attackers just wipe them. That's why remote
> logging was invented.
Nope. I've seen intruders simply using 'sed' to delete the lines they want to hide. I do think that Journal will defeat log manipulation by many simpler attackers, simply because there are no distro-bundled tools to manipulate them.