Channel: THWACK: Message List - Kiwi Syslog

Re: I'm interested in hearing about your Kiwi Syslog Experiences


I haven't used Orion in many years but I assume it is still backed by some SQL version. Syslog is a lot of small writes and can quickly impact the DB performance.

We have Kiwi as our primary syslog engine. It sits between our monitoring and reporting tools and NXlog, which is our 'bulk' syslog receiver. We have a pair of NXlog instances and 4 Kiwi syslog servers capturing around 1.2 million messages an hour from approximately 2200 sources.

NXlog receives all syslog traffic. It does all the writing to disk and some broad filtering. Everything that isn't filtered here is sent to Kiwi. Kiwi has many rules to match and take action on interesting data. Some of it gets written to logs, others (approximately 20%) generate emails or event logs. Items that need action (approximately 1-2%) get sent to the monitoring tools for alerting, HD ticket generation, search, etc.

NXlog could do everything Kiwi does but Kiwi has a nice interface that is easier to get less experienced staff to understand and manage. NXlog is all done in the config file and can become hard to follow with complex matching and actions.

Deciding what is interesting data tends to be pretty specific to the organization. Generally you will want security events, hardware and application failures, non-information level events and the dreaded 'others'. With the number of sources you are talking about I would definitely use Kiwi in front of Orion.
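A sketch of the NXlog-in-front-of-Kiwi layer described in this reply (receive everything, archive to disk, broad severity filter, forward the rest to Kiwi). This is an added example, not the poster's own configuration; the listener port, archive path, Kiwi address and the severity threshold are assumptions.

```conf
# Added example: NXlog as the 'bulk' receiver in front of Kiwi Syslog.
# Not the poster's configuration. Assumed values: UDP/514 listener,
# archive under /var/log/syslog/, Kiwi listening on 10.0.0.50:514.

<Extension syslog>
    Module      xm_syslog
</Extension>

# Receive all syslog traffic and parse the BSD header so that
# $SyslogSeverityValue / $SyslogFacilityValue are available for filtering.
<Input from_network>
    Module      im_udp
    Host        0.0.0.0
    Port        514
    Exec        parse_syslog_bsd();
</Input>

# Write every message to disk BEFORE any filtering, one file per day,
# so the archive stays complete even when Kiwi never sees a message.
<Output archive>
    Module      om_file
    File        "/var/log/syslog/all-" + strftime(now(), "%Y%m%d") + ".log"
    Exec        to_syslog_bsd();
</Output>

# Broad filter: drop informational (6) and debug (7) chatter, but keep
# auth (4) and authpriv (10) at every level so security events are not
# lost. Everything that survives goes to Kiwi for the fine-grained
# rules (email, event log, ticket generation).
<Output to_kiwi>
    Module      om_udp
    Host        10.0.0.50
    Port        514
    Exec        if $SyslogSeverityValue >= 6 and \
                   $SyslogFacilityValue != 4 and \
                   $SyslogFacilityValue != 10 drop();
    Exec        to_syslog_bsd();
</Output>

# One input feeding both outputs; the filter only affects the Kiwi path.
<Route pipeline>
    Path        from_network => archive, to_kiwi
</Route>
```

The drop() in the to_kiwi output only discards the message on that path, so the archive output still records it; check message counts per path after a change to the threshold, since a single facility left out of the exception list can silently remove an entire class of events from Kiwi.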

