more on reasonably-secure machines

[Dave Long]

> Obviously if the attack leaves syslog entries, sending syslog stuff to
> other systems in real-time will help; removing syslog entries from a
> machine you haven't yet compromised is likely to be somewhat
> difficult.

Back in my misspent youth, machines lived in machine rooms, and 
syslog stuff went to a non-glass console which printed on sheet-fed 
paper.

Even with physical access to the console, removing syslog entries
would not have been easy.

-Dave