Sending logs in real time preserves the integrity and validity of them, if we add a simplex
connection (one way only), the attacker most likely won't have a way of deleting them. If they are
local or pushed they can delete them before they are pushed.