Syslog and ICMP

No, I tried above command before but it is giving only syslog capture but not both as the function is "or", i used below command udp dst port 514 or icmp

Well, this is the BPF (for Ethernet) if you're interested:

(000) ldh      [12]
(001) jeq      #0x86dd          jt 2    jf 6
(002) ldb      [20]
(003) jeq      #0x11            jt 4    jf 16
(004) ldh      [56]
(005) jeq      #0x202           jt 15   jf 16
(006) jeq      #0x800           jt 7    jf 16
(007) ldb      [23]
(008) jeq      #0x11            jt 9    jf 14
(009) ldh      [20]
(010) jset     #0x1fff          jt 16   jf 11
(011) ldxb     4*([14]&0xf)
(012) ldh      [x + 16]
(013) jeq      #0x202           jt 15   jf 16
(014) jeq      #0x1             jt 15   jf 16
(015) ret      #262144
(016) ret      #0

Maybe, when looking at the frame, you can figure out why it's not working for you. If VLAN is involved prefix the filter with the vlan keyword.