I currently have a single connector via ArcMC to receive syslog from Cisco firewalls, but the company will implement more firewalls in the future and some are from Check Point. We also have lots of routers and switches from different brands. The only thing in common for all those network devices is that they all speak syslog.
Is it better to set up a single syslog smart connector to receive syslog from all those different devices or to set up a connector for each kind of device, or perhaps each brand?
If I set up a single smart connector to receive syslog from a Cisco firewall and a Check Point firewall, would this connector be able to parse both logs at the same time? Would I need to do some tweaking in the connector settings?