by umaguma
3852 days ago
The post from 1997 assumes /var/log is not vulnerable to tampering; assumes that the syslogd, or access to the socket or port it's writing to, is not vulnerable to compromise; and assumes that all significant programs write to a log. The world is much more familiar with UNIX in 2015; I trust that today no one would rely on /var/log. My approach would be to look at periodic memory dumps and look for anomalies there. And not to rely on the integrity of utilities stored on the system that you are analyzing.