Thank you everyone, the thread model is basically local attackers(physical tamper), that’s why I want a remote location for logging through internet.
The devices are basically personal portable ones, such as laptops and smartphones.
The log do not need to be very detailed, just critical ones, such as power on/off, log in/out, port plug in/pull out, root request, etc.
This maybe the only forum that can accept these thoughts and giving good advices, without being called “mad”. That’s why I love here.