We have 4 NetApps, all version 9.16. These are government systems, so we have no way to upload logs or configs; we'll have to do this the hard way.
3 of the 4 simply will not send syslogs to the internal syslog server. As far as we can tell, the 1 NetApp that is working is configured exactly the same way as the 3 that are not working.
We have been through several guides and posts on the Google machine and have come up empty on everything tried.
- We have a working filter, tested with the 'event filter test' command
- We have valid syslog destinations in IP address format (though, just to be 100% sure, we also have DNS configured and working)
- The syslog destinations have the correct filters applied
- We can generate a test event and see it in the ONTAP event log (we've been using monitor.volume.nearfull)
- Using the event history show -destination syslog_1 (syslog_1 being our defined dest) we see absolutely nothing
- This is confirmed with a tcpdump command on the syslog server itself seeing no packets
- It's as if the syslog service never gets notified that it needs to send a syslog
- We can ping and traceroute the syslog IP address (and even the DNS name) from the ONTAP CLI
At this point, we're down to a suggestion to log in to the systemshell and reset notifyd. We are, however, pretty nervous about doing so, and since 3 of our 4 devices don't work, it seems like this is not the right thing to be mucking with.
Does anyone have anything on this topic? Syslog configurations are pretty darn simple, usually, and ONTAP 9 doesn't really seem to be any different. Is there some obscure option, somewhere, that needs to be enabled or something?