I'm putting together something similar to a logging architecture. It's not a network I'm dealing with (not servers, firewalls, routers...) but something a little different. The location of the devices are secret and very valuable.

For discussion, let's assume I have 10 devices creating logs. I have the option of pushing those logs to a central point, or leaving the logs on those devices.

To read the logs, I'd either be:
Reading the logs locally
Reading the logs remotely

Clearly it's easier to secure a centralized point. However, a centralized point of failure is not good either. If the centralized location is discovered, all of the device locations are discovered (in this scenario, the business is destroyed). I figure a decentralized option may have benefits for that reason (if one device's logs are compromised, the locations of the other devices are still hidden)

By temporarily pulling in the logs to a central location (for the benefits of centralized reporting) I feel I can prevent the disclosure of all the devices by making that information non-existent for the greatest amount of time.

The devices are owned by different third parties and have to meet specifications provided by me to ensure what they report is solid. If they don't meet those specifications, then they can't report in. This creates a high level of untrust, which also points toward the decentralized option (if they mess up, it's their problem... their logs are invaluable then and we can continue monitoring the other surviving devices)

I know this sounds abnormal. But what are the benefits of decentralized logging, and are there any other scenarios you can think of where this is practiced?

Summary: The devices are honeypots reporting in data from third party organizations. There is a high likelyhood that they will be compromised. I want to prevent any discovery of the central logging location.