Hi folks,
I'm trying to work out a way to have centralised logging on Ubuntu 12.04 laptops that aren't always connected to the network.

The research I've done suggests this rules out things like rsyslog, as events that occur when the device isn't connected won't be captured, and the Googling and forum search I've done haven't turned up any alternatives. The main concern is ensuring that security incidents are appropriately logged and can be detected by administrators.

A cron job to periodically upload the log files to a central server might do the job, but ideally there would be real-time logging when the device is online to reduce the risk of log files being tampered with by an attacker, with offline logs being uploaded once the connection is restored.

Does anybody know of a solution that will provide real-time logging for online devices with caching and subsequent uploading for online devices?