Thanks for your answers, dwaddle & clyde.
The reason why I asked those questions was,
almost all RFPs related to financial/government require that logs must be prevented from alteration and forgery (and searchable!!).
Storing logs to WORM-like media might be the simplest solution.
But Splunk's frozen buckets don't look searchable.
Digital signing could be an alternative, but there will be some other issues such as algorithms, certified cryptographic module (CMVP), verification loads, etc. (A self-signed certificate is not acceptable.)
Regards,