I'm writing a program that inspects system log messages as they appear and does something. It currently works only with journald/systemd via the journald API, but users have requested that it be completely syslog-agnostic. That means it has to work regardless of what kind of system log daemon is running, and even without one at all if needed.
The way I understand how the system log works, there's the /dev/log socket, which the syslog daemon listens to and everything else writes to. Is there a way to peek inside the traffic on that socket?
I also know I can configure, for instance, syslog-ng to forward messages to my program, but this is something I'd rather not ask my users to do.