1. MDE is superior in ease of deployment and pretty much every other way but is not available for every network device, like IoT devices for one example. Log collectors can receive syslog data from virtually any network firewall or web proxy device, so that can cover any host.

2. When using both (MDE and log collectors), you may also get duplicate data for MDE clients going through a network device that is also sending logs to the collector. The only current solution for de-duplication is to simply view the individual reports, instead of the all-up report containing both datasets.

3. I cannot answer your specific questions, but if you are unable to get your log collectors working following our guidance, please contact support.
We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE