Hi Attila,
Yes, you can use the same port for UDP and TCP.
while you *can* do that, you probably *should* not. TCP/514 is the registered port fpr rsh (remote shell, an ancient ancestor of ssh without encryption). There is no official registered port for syslog over TCP (https://tools.ietf.org/html/rfc6587), but a common practice (which I've been following as well for years without any collisions so far) is to use port 601, which is registered for syslog-conn. (http://networksorcery.com/enp/protocol/syslog.htm). The RFC also mentions using 514 plus a multiple of 1000 for the port number, i.e. 1514, 2514, ..., as a viable option.
It would look something like this, in your config:
source s_net { syslog(ip(0.0.0.0) transport("udp") port(514)); syslog(ip(0.0.0.0) transport("tcp") port(514)); };
So I'd change that to source s_net { syslog(ip(0.0.0.0) transport("udp") port(514)); syslog(ip(0.0.0.0) transport("tcp") port(601)); }; to be on the safe side. While rsh is somewhat out of fashion these days, auditors that find an open TCP port 514 tend to at least ask questions about it :-) Best regards, Peter.