Open for Voting

Document and enhance the 500+ connectors

I think it would be cool if the prebuilt appliance connectors were more accurate and built to the point that the connectors matched the designs of the product they were named after, so that, for example, a Cisco ASA, which logs to multiple log files over time, would automatically have all the connectors added once it was detected. I struggle to even just figure out whether any given connector, whether discovered or manually added, is the correct connector because I can't always find any documentation that lists what models the particular connector was originally designed for and when the connector was designed.

I totally understand it is hard to detect every vendor product accurately, so maybe it would help to have a separate tool where you could put in your various device IPs and have a dropdown to select the appropriate predefined connector out of the 500, and have it already know to create all of the correct connectors for that product. My understanding is that with so many vendors and vendors frequently changing syslog configurations, this is a moving target, but the idea seems nice!

Yet another good idea would be to have some logic that looks at existing connectors and tries to match any new connector found to any connector tied to an existing IP. This would help the Scan for Nodes process determine that, for example, if I have a PIX IOS connector already tied to a particular IP address, it might not choose a MikroTik connector to match logs in the alert.log file if the log entries are from that same IP address.

FormerMember