Examining /dev/log

I am summarizing the comments to a complete answer. Note that @MarkPlotnick was the first to point toward the right solution.

As you can see in ls -lL output, the file pointed by you link is a socket, non a regular file or a pipe.

~$ ls -lL /dev/log
srw-rw-rw- 1 root root 0 Aug 23 07:13 /dev/log

Look at the first character of the output. That s means that the file is a socket.

You cannot use the redirection mechanism > of bash (or, AFIK, any other shell) to write in a socket because the shell will try to open the file and open does not support sockets. See man open for details.

You have to use a program that connects to a socket. See man connect for details.

As an example, you can use netcat or socat (see How can I communicate with a Unix domain socket via the shell on Debian Squeeze?).

For sake of completeness, you can use the redirection on pipes.

~$ mkfifo /tmp/fifo
~$ ls -l /tmp/fifo
prw-rw-rw- 1 root root 0 27 ago 15.04 /tmp/fifo
~$ echo "hello" > /tmp/fifo

Look at the first character of the ls output. That p means that the file is a pipe.

To add some additional info to the accepted (correct) answer, you can see the extent to which /dev/log is simply a UNIX socket by writing to it as such:

lmassa@lmassa-dev:~$ echo 'This is a test!!' | nc -u -U /dev/log 
lmassa@lmassa-dev:~$ sudo tail -1 /var/log/messages
Sep  5 16:50:33 lmassa-dev journal: This is a test!!

On my system, you can see that the journald process is listening to this socket:

lmassa@lmassa-dev:~$ sudo lsof | grep '/dev/log'
systemd       1                 root   29u     unix 0xffff89cdf7dd3740       0t0       1445 /dev/log
systemd-j   564                 root    5u     unix 0xffff89cdf7dd3740       0t0       1445 /dev/log

It got my message and did its thing with it: (i.e. appending to the /var/log/messages file).

Note that because the syslog protocol that journald is speaking expects datagrams (think UDP), not streams (think TCP), if you simply try writing into the socket directly with nc you'll see an error in the syscall (and no log show up).

Compare:

lmassa@lmassa-dev:~$ echo 'This is a test!!' | strace nc -u -U /dev/log 2>&1 | grep connect -B10 | egrep '^(socket|connect)'
socket(AF_UNIX, SOCK_DGRAM, 0)          = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 10) = 0

lmassa@lmassa-dev:~$ echo 'This is a test!!' | strace nc  -U /dev/log 2>&1 | grep connect -B10 | egrep '^(socket|connect)'
socket(AF_UNIX, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 10) = -1 EPROTOTYPE (Protocol wrong type for socket)

Note I elided some syscalls for clarity. The important point here is that the first call specified the SOCK_DGRAM, which is what the /dev/log socket expects (since this is how the socket /dev/log was created originally), whereas the second did not so we got an error.