Permanent login/logout evidence

  1. Use WORM (Write Once Read Many) storage media.
    Alternatively, have the syslog server be write only and use MFA for the encryption and local accounts, so that even if a hacker got the creds they would also need your physical security token.

  2. Any remote log can be blocked by removing the connectivity to the remote location (including blockchains). I’m not familiar with a way to prevent local access when a network logging location isn’t available, but I would say to configure MFA as that is likely a more practical preventative measure than logging. You could also cache the logs and have it send them to the syslog server once the syslog server is again available.

If you use different credentials and different MFA solutions between the systems, the chances of all the required credentials being compromised are extremely low.
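The "cache the logs and forward them once the server is back" idea from point 2 can be done with a disk-assisted action queue in rsyslog. This is an added example, not configuration from the original post; the server name, port and queue path are assumptions.

```conf
# /etc/rsyslog.d/50-forward.conf (assumed path)
# Forward everything to the central syslog server over TCP.
# If the server is unreachable, messages are spooled to disk and
# retried indefinitely instead of being dropped.
action(
    type="omfwd"
    target="syslog.example.invalid"          # assumed remote syslog server
    port="514"                               # assumed port
    protocol="tcp"

    # Disk-assisted queue: in memory normally, spills to disk when the
    # target is down or the in-memory part fills up.
    queue.type="LinkedList"
    queue.filename="fwd_central"             # spool files under WorkDirectory
    queue.maxdiskspace="1g"                  # cap on on-disk spool
    queue.saveonshutdown="on"                # flush queue to disk on restart

    # Never give up: keep retrying until the server comes back.
    action.resumeretrycount="-1"
    action.resumeinterval="30"               # seconds between retries
)
```

The spool files live in rsyslog's `$WorkDirectory`, so that directory must be writable by the rsyslog user and large enough to hold the configured `queue.maxdiskspace`.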