Have you considered a log to IPFIX (NetFlow) gateway? A Flow Replicator might be something for you to consider. It parses syslogs and forwards them on in flow format to your NetFlow collector.
You may be able to do this by utilizing the policy features. If a single data source is sending you multiple types of data that are parsed with different parsers you would create a custom policy that holds all the parsers needed for that data source.
For example if you have a Windows Server that is also a web server -- you would create a combined policy that looks for both Windows OS logs (more than likely WMI or Intersect Alliance - Snare) and Microsoft IIS
Chris - for syslog you can use parent\client structure. In your case (300 routers) you can use two groups.
Unfortunately you can't use this feature in the case of netflow data source...
So does this mean it is not possible to collect flows and syslog from the same data source? If I try there is a conflict involving duplicate IP addresses? With this issue how do I collect both flows and events?