Redirecting the logfile using NSH to //appserver/location will work as along as the ACLs are setup to allow this script to run
If you do a rm -f /usr/lib/rsc using NSH, you will definitely log it, but that would be the last command you could run, the agent would "lock" itself out after that, you would have to go in as root and reset the ACL's
If you redirect agent logs to syslog, you will lose logman usage. However, if syslog redirectopn/consolidation is setup, you can consolidate log files
I'd like to see agent log file encryption...