
Forum Discussion

daboochmeister3
Apr 28, 2026

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Hi -- at a very high level, we have a need for two VIPs (one in each data center), with automated orchestration so that only 1 VIP is up at a time.

In more detail, we are setting up VIPs to proxy syslog UDP; and having two data centers, and for maximum redundancy, our thought is to have a VIP in each data center, and configure all syslog clients to send to both VIPs.  Note that we want to configure the client's syslog destination using IPs, not hostnames, to eliminate DNS as a point of failure.

(anycast would be perfect for this, but isn't workable from a technical perspective, since we use OSPF within the data centers; and GSLB [via GTMs, DNS controllers] is not an option, since we don't want to rely on DNS resolution for the syslog destinations)

However, one further requirement is that we can't allow duplicate syslog transmission; the SIEM we're using can only accept one set of syslog records - it lacks deduplication.  So, as a result, it's important that only one or the other of the VIPs be proxying the syslog received from a device.

We can accomplish this manually, by always having one of the VIPs forced offline.  However, we're looking to automate this, so that we don't have windows where no syslog is processed, during the wait for someone to log in and enable the backup VIP.

So - what are the techniques others have used to orchestrate availability of VIPs such that only 1 is available?

Would this be accomplished if we were to establish a new device group, with the LTM from each data center in it?  Can you HAVE a device group across WAN links like that, without risk of split-brain effects?

Or, can we use iRules to somehow accomplish this?  E.g. in one data center's VIP, have a client-accepted rule that performs an external monitor check of the other data center's VIP, and rejects the packet if that VIP is up?

Any thoughts welcome!
