There are no special IPs for Syslog. It encrypts the traffic using TSL 1.2 to the standard public endpoints. Both the AMA and MMA agents share the same firewall requirements. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/log-analytics-agent#firewall-requirements
The MMA agent on Linux does not support dual homing. The new AMA agent does support dual homing on Linux. I assume you would simply setup two DCR rules.