If you strace the simplest command, say 'ls -l', you'll find hundreds of system calls which return an error and are ignored by the 'ls' process. E.g.: trying to open the dozen or so possible locations of locale files, ld.so files, etc.
If all of those error-returning calls each get a line or two sent to syslog with the reasons for the denial, you'll fill your log partition pretty quickly. Appart from the huge workload the syslog process would have.
The policy ('I want this error logged' or 'I don't want this error logged') belongs in userspace, not kernel.