To what extent sending logs to a remote server is *secure* please?
I mean security regarding a black-hat, not regarding natural incidents like fire, flood, physical failure...
In other words, what measures prevent the black-hat to access my destination server and temper my remote logs as soon as (s)he gets access to my source server (assuming he has escalated his/her permissions and become root)? Indeed, can (s)he take advantage of the existing log connection (let's say it is done through ssh via pre-installed certificates) between the two servers to access&compromise the remote one?
It it a matter of firewalling/protocols somewhere? Or maybe a kind of system where only data can be sent but not removed or retrieved (like unidirectional glass-recycling bins)?
Many thanks in advance!