AMA local caching for syslog/CEF Log Collectors
I am provisioning log collector VMs to collect syslog/CEF traffic. I need to ensure that in the event of a network connectivity issue, the log collectors can hold logs for up to 24 hours. Once connectivity is reestablished, the logs should be uploaded to the Log Analytics Workspace (LAW). Total 9 VMs are there with each log collector VM is sized to handle up to 10,000 Events Per Second (EPS).
A network load balancer will be used to distribute traffic among the log collector VMs.
Note: To store the events generated at a rate of 10,000 EPS for 24 hours, approximately 411.51 GB of storage is required per VM.
Queries:
Can the log collectors hold logs for 24 hours for a VM receiving 10,000 EPS?
Does the Azure Monitor Agent (AMA) support local caching for more than 10 Gbps?
What is the Microsoft recommended design/solution to achieve the above business objective?