Security Basics mailing list archives

tripwire log checking


From: Dolf Andringa <dolf.andringa () elcyon nl>
Date: Thu, 29 Jan 2009 11:00:00 +0100

Hey all,

From a security point of view it is wise, I think, to know that nobody has messed with the logs on a Linux machine, because hackers often try to remove any evidence of their presence. So tripwire, which I use to keep an eye on file modifications, watches my /var/log folder for changes (which it does by default on Ubuntu Hardy Heron server edition). But due to log rotation and additions to my logs, tripwire keeps complaining that files have been added and modified. Of course tripwire says that, since after every log rotation files are moved around (/var/log/syslog -> /var/log/syslog.0, syslog.0 -> syslog.1.gz, etc.). So, my question is: do other people check their logs for integrity, and if so, how?
Cheers,

Dolf.
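The situation the post describes (tripwire flagging /var/log after every rotation) is what tripwire's $(Growing) property mask is meant for: a log should only ever be appended to, and a rotated copy should carry the old content unchanged. As an added example, not part of this thread, here is that append-only check written out in Python: it records a baseline hash of a log's content, then reports "ok" if the file only grew, "rotated" if the baseline content now heads a rotated copy (syslog.0 or syslog.1.gz), and "tampered" if the baseline bytes are found nowhere. The file names and log lines in demo() are constructed for the walk-through.

```python
import gzip, hashlib, os, shutil, tempfile
from pathlib import Path

def hash_prefix(path, nbytes, opener=open):
    """SHA-256 of the first nbytes of path; opener=gzip.open reads a .gz copy."""
    h, left = hashlib.sha256(), nbytes
    with opener(path, "rb") as f:
        # a file shorter than nbytes ends the loop early, so its hash will not match
        while left > 0 and (chunk := f.read(min(65536, left))):
            h.update(chunk)
            left -= len(chunk)
    return h.hexdigest()

def snapshot(path):
    """Baseline for a growing log: its current size and the hash of that content."""
    size = os.stat(path).st_size
    return {"size": size, "hash": hash_prefix(path, size)}

def check_growing(path, snap, rotated=()):
    """'ok' = only grew; 'rotated' = baseline heads a rotated copy; else 'tampered'."""
    if (os.path.exists(path) and os.stat(path).st_size >= snap["size"]
            and hash_prefix(path, snap["size"]) == snap["hash"]):
        return "ok"
    for cand in map(Path, rotated):
        opener = gzip.open if cand.suffix == ".gz" else open
        if cand.exists() and hash_prefix(cand, snap["size"], opener) == snap["hash"]:
            return "rotated"
    return "tampered"

def demo():
    """Constructed walk-through: growth, two logrotate steps, then an edited archive."""
    d = Path(tempfile.mkdtemp())
    log = d / "syslog"
    archives = [d / "syslog.0", d / "syslog.1.gz"]
    log.write_text("Jan 29 11:00:00 host sshd[1]: Accepted publickey for dolf\n")
    base = snapshot(log)
    with log.open("a") as f:
        f.write("Jan 29 11:05:00 host cron[2]: job ran\n")
    grew = check_growing(log, base, archives)                 # "ok"
    os.replace(log, archives[0])                              # syslog -> syslog.0
    log.write_text("Jan 29 11:10:00 host kernel: fresh log\n")
    rotated = check_growing(log, base, archives)              # "rotated"
    with open(archives[0], "rb") as s, gzip.open(archives[1], "wb") as z:
        shutil.copyfileobj(s, z)                              # syslog.0 -> syslog.1.gz
    archives[0].unlink()
    compressed = check_growing(log, base, archives)           # "rotated"
    with gzip.open(archives[1], "wb") as z:                   # archive rewritten
        z.write(b"Jan 29 11:00:00 host sshd[1]: nothing to see here\n")
    edited = check_growing(log, base, archives)               # "tampered"
    shutil.rmtree(d)
    return grew, rotated, compressed, edited
```

Lines appended after the baseline are only covered once the next snapshot is taken, so the check is only as good as its interval; shipping the same logs to a remote, append-only syslog host closes that gap independently of what happens on the box.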