Who did say you cannot use text format?
You could even use standard syslog with only one minor change; it's enough to add at the end of the line another piece of text with the hash computed concatenating the syslog line with the hash of the previous line.
line 1: Timestamp1 Message1 Hash(line1 + salt)
line 2: Timestamp2 Message2 Hash(line2 + hash1)
line 3: Timestamp3 Message3 Hash(line3 + hash2)
line 4: Timestamp4 Message4 Hash(line4 + hash3)
3 years ago, in Italy, a new discussed law required to guarantee the integrity of the logs, and at that time I started to write a patch for rsyslog to implement exactly the above schema. The law wasn't approved in that way so I abandoned the develop of such thing, but it's not too complicated to write it.