I was thinking about this today... I wonder if this would work using the deployment server?
As long as the file/folder permissions are good between Splunk and Syslog-NG, I would think this will work.
At the very top of the syslog-ng.conf file, I added a statement:
Likely because I'm editing the file in Windows and deploying to Linux, there were some syntax errors with missing spaces - identified with the command
The output from that shows that there was a syntax error, but also where it pulled it from (my deployment server path).
After that, reloading the syslog-ng config made the new, managed config go live.
Hope this helps!