Air gapped syslog
At some point, I toyed with the idea of using a serial connection to make a secured backup for syslog.
Logs can be pushed to a centralized server, but that server needs to be attached to the network, and if your network is compromised, the central log server could be too and the logs could be tampered with. The central log server could print every log line to a printer, but that creates a vast amount of paper and would be almost impossible to search through if you have to do some serious forensics.
So instead of attaching a serial printer, I was considering attaching a small machine to the log server via a serial line, and that machine would record all that is being sent. Of course, that small machine would not be on any form of network. But the logs would be on disk and could be searched and analyzed automatically if needed.
It never got implemented.
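
A sketch of the recorder side of the idea above, added here as an example and not code from the original post: it reads the serial line, reassembles log lines across partial reads and appends them to per-day files on the isolated machine's disk. The device path, log directory, line-length cap and the escaping of control characters are assumptions.

```python
import os
import time

MAX_LINE = 8192  # assumed cap so a runaway sender cannot exhaust memory


def sanitize(raw):
    """Decode a received line; escape control characters so a stored
    record cannot carry terminal escapes or fake line breaks."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(c if c.isprintable() or c == "\t" else "\\x%02x" % ord(c)
                   for c in text)


def append_line(log_dir, raw, now):
    """Append one record to log_dir/YYYY-MM-DD.log, stamped with the
    recorder's own clock (the sender's timestamps are not trusted)."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    path = os.path.join(log_dir, stamp[:10] + ".log")
    with open(path, "a", encoding="utf-8") as out:
        out.write(stamp + " " + sanitize(raw.rstrip(b"\r")) + "\n")
        out.flush()
        os.fsync(out.fileno())  # on disk before the next line is read


def record(stream, log_dir, clock=time.time):
    """Read bytes until EOF, reassemble lines across partial reads and
    store each one. Returns the number of records written."""
    buf, written = b"", 0
    while True:
        chunk = stream.read(256)
        if not chunk:
            break
        buf += chunk
        while True:
            nl = buf.find(b"\n")
            if nl == -1 and len(buf) < MAX_LINE:
                break  # incomplete line, wait for more bytes
            cut = nl if nl != -1 else MAX_LINE  # split over-long lines
            line, buf = buf[:cut], buf[cut + (1 if nl != -1 else 0):]
            append_line(log_dir, line, clock())
            written += 1
    if buf:  # sender stopped mid-line: keep the fragment
        append_line(log_dir, buf, clock())
        written += 1
    return written


if __name__ == "__main__":
    # Assumed names: /dev/ttyS0 (already configured with stty) and /var/log/airgap.
    with open("/dev/ttyS0", "rb", buffering=0) as port:
        record(port, "/var/log/airgap")
```

Because the files are plain text on local disk, they can be searched with ordinary tools on the recorder itself.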