The syslog forwarding service in ClearPass does not support round robin DNS for the syslog server. We have two syslog servers for HA, but the ClearPass servers will pick one of the two from the round robin DNS and stick to it, evne when one of hte two server is off line. It seems the solution is to put a load balancer in front of the syslog servers, but that is an expensive solution for log transport when most syslog agents are aware of and use round robin DNS.
On a related side note, it is not acceptable to have to reboot the entir ClearPass applicance for it to reconize syslog target changes.