Re: And thus..
"syslog tells you - both process name and PID. So your mythical pwned process could put whatever it likes on the line after that - but only the truly clueless would not notice that the very beginning of each line tells you exactly where the message came form."
The fake process newlines its log and creates a fake tag that ticks all the marks. And the log has to be able to newline in case of structured text output like a hex dump.