Thanks, that would be very helpful if product management can just confirm if it should or should not work over TLS. I'm not sure there's a setup to test this in our environment yet either - another team manages the app and is in progress getting stuff going there.
Trying to just work out what options there are since the requirement to protect the information we'd have to either (1) encrypt the syslog messages themselves before sending [which the product doesn't support today] or (2) use secure TLS syslog.
My preference would be to do option #2 with a properly implemented TLS 1.2 (eventually 1.3) remote syslog. Then on the syslog collector it can handle the data at rest encryption needs for storage of them.