"..with SRX running 10.3R2 & 10.2R3. Sadly, NSM doesn't seem to parse the logs from earlier versions"
Do you have this working with the the SRX branch? We are running 10.2R3 and when trying to switch to "security log mode stream" the entire configuration is accepted but in the logs following the commit we see the message " Stream has no meaning when system-event-mode is on" and no logs forwarded to Syslog. We have not tested with JunOS 10.4R3 yet, we're waiting on the NSM schema to be released first.
NSM will handle traffic logs from JunoS 10.x versions if you have configured the log mode to event and set the event rate to 1000 eps as recommended. NSM log categorization under event mode works well, but the standard STRM log categorization is basic. Hopefully once we can get stream working, both STRM & NSM logging will be categorized best.
Here's our configuration (a reboot does not resolve this).
set security log mode stream
set security log format sd-syslog
set security log source-address <source address of dmi device>
set security log stream nsm-dataplane-log category all
set security log stream nsm-dataplane-log severity info
set security log stream nsm-dataplane-log format sd-syslog
set security log stream nsm-dataplane-log host <ip of nsm devSvr>
set security log stream nsm-dataplane-log port 5140
The error in default-log-messages is
"UI_CONFIGURATION_ERROR: Process: rtlogd, path: [edit security log], statement: stream nsm-dataplane-log, Stream has no meaning when system-event-mode is on"