This document is a little dated for 7.0.
I'm not sure exactly which version this was added, but you don't need to do the same with current versions.
If you have multiple machines in a central management cluster, you can use the %h variable on the Destination and Host Autopushing parameters to provide unique values per appliance's host name.
So if I setup Web Reporter to accept incoming log file files from 3 appliances: mwg7-1, mwg7-2 and mwg7-3 and those are the host names of each appliance, I can substitute %h for the username:
If I wanted to push the access log from each MWG to a different FTP directory, i would do something like this:
You will need to make sure all the passwords are the same for each appliance because the shared configuration in a cluster gets replicated and the password cannot be substituted.
As for Syslog, i don't know which SIEM you use, but most syslog servers identify the sources by the IP address of the sender. you may not need to have a seperate log source in your case.