A *long* time ago some people implemented well protected centralised log servers and drop safe logging boxes. The latter were basic non-networked boxes recording logs sent via a serial line. Even the best remote attackers can't hack a non-networked box.
An open source drop safe logging box would be really nice. Erasing your tracks by flooding the box would be impossible in these days of multiple Tb discs. Seals are great but if somebody has adjusted your logs then a copy which has not been edited might be really useful.
Of course FSS might be handy to detect that the logs are unreliable and you should check the emergency ones.