Is there any benefit from the Sentinel perspective of using one syslog daemon over the other on the linux agent machine? (Or from any perspective for that matter?) Thx!
No difference. Since there is a lot that you can implement using the Syslog daemon, for example implementing Syslog over TLS or filtering events out, it would be best if you use the one you are more comfortable with.