Create an Integrity Check Job
An integrity job checks if the files that you define have been altered since they were originally stored. This can alert you to unauthorized modification of critical system or content files. The results of this check will show which files have been altered. If none of the files have been altered, you will be notified that the check was successful.
For documentation, search the help for 'Integrity Check'.
The thing is, the integrity check will let me know that somebody altered the logs after the fact. What I need to prove is that there are security measures in place so that logs are not knowingly/unknowingly tampered with or deleted.
There are a few layers of security. First, the logs are stored in a non-human-readable format. Second, if the logs are stored on the McAfee-approved hardware (local ELM or McAfee DAS), the security measures are the same for the appliance with restricted, one-user, admin-only access. If the user chooses the option to store the logs on the network via CIFS or NFS, the security of those ELM logs becomes dependent on the system admin to administer on those remote servers.
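As an added illustration of the detect-after-the-fact behaviour discussed in this thread (not part of any post and not McAfee's implementation): a minimal baseline-and-verify check that reports altered and deleted files, and refuses to run if the baseline itself was changed. All function names, file names and the key are assumptions constructed for the example.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _mac(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_baseline(paths, key):
    """Record a digest per file when it is stored; key the manifest."""
    entries = {p: file_digest(p) for p in paths}
    return {"entries": entries, "mac": _mac(entries, key)}

def run_integrity_check(baseline, key):
    """Report files altered or missing since the baseline was taken."""
    if not hmac.compare_digest(_mac(baseline["entries"], key), baseline["mac"]):
        raise ValueError("baseline manifest was modified")
    altered, missing = [], []
    for path, digest in baseline["entries"].items():
        if not os.path.exists(path):
            missing.append(path)
        elif file_digest(path) != digest:
            altered.append(path)
    return {"success": not (altered or missing), "altered": altered, "missing": missing}

def demo():
    key = b"constructed-demo-key"  # assumption: held away from the log store
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("auth.log", "fw.log", "web.log")]
        for p in paths:
            with open(p, "w") as f:
                f.write("constructed sample log line\n")
        baseline = build_baseline(paths, key)
        clean = run_integrity_check(baseline, key)
        with open(paths[0], "a") as f:  # simulate a later edit
            f.write("line added after storage\n")
        os.remove(paths[1])             # simulate a deletion
        tampered = run_integrity_check(baseline, key)
        for k in ("altered", "missing"):
            tampered[k] = [os.path.basename(p) for p in tampered[k]]
        return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The check is a detective control only: it shows what changed, while preventing the change depends on access restrictions on wherever the files and the key are stored.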