Generally, syslog is for router related events such as ipsec connections, login failures/successes, etc. You can't get a good "flow" of traffic from syslog logging, but you can get history of when, say, someone logs into the VPN.
Netflow allows you to see who's using up bandwidth, what ports/applications are using the most bandwidth, and it can create trends. This can help you determine if you would need more bandwidth, more control over the types of applications/ports to allow out, or how to implement QoS.
Neither one of these technologies are affected by NAT setup (that I know of). They will work just fine.
And in answer to which you should use: Use both. They both do different things.
HTH,
John
HTH,
John
*** Please rate all useful posts ***