
The conventional logger was not designed to check the messages sent to 
it, so a creative attacker can insert misleading information into the
system log, eg:

echo -ne "<13>Dec 12 42:41:40 login[42]: ROOT LOGIN on \`tty7'\0" | idsasocket /dev/log

In contrast idsasyslogd will try to write proper time, process id and user
identity, reducing the options for an attacker. In particular it makes
the logs more reliable forensically and reduces chances of an attacker
framing an innocent bystander.

Idsasocket assumes a stream unix domain socket.
