Our secure instances log Server General activities at four separate locations (real-time). Even the administrators are unable to alter all four copies since three copies are stored outside of their administrative control. This essentially nullifies log tampering attempts. Most auditors appreciate this approach.