First of all I am new to icinga.
Welcome 
1.Can we have a HA setup like this ? Install 2 standalone servers, each
using its own local database. Slave will sync configuration and database
from master server every few minutes or hours.
In what way is that “HA”?
A DB which is a few hours out of date, for a real-time monitoring system, is
not a good design.
If you want HA, you should set up DB replication (using DB tools, not anything
like rsync), which works in real time and genuinely contributes to the H in
HA.
- Is it possible for Icinga to receive and analyses system logs and show
alert if there’s a system error ?
Provided you can find or write (it’s not hard, you can do it in any language
you like) a plugin which does the analysis you need to indicate “a system
error”, then yes. Bear in mind that all Nagios plugins can be used directly
with Icinga.
Is it possible to export the filtered syslog results to a text / excel file ?
That would not be a job for Icinga - it sounds like you need a decent pre-
processor for the type of analysis you’re looking for.
How long can we keep the syslog if the daily log size is 1GB?
Well, a one Terabyte disk is pretty basic these days, and that would give you
just about 3 years. Multiply by Tbytes and/or disks for more.
- Is it possible for Icinga to receive and analyses security logs e.g. IPS,
IDS, AV and show alert if there’s an intrusion ?
Yes, this would count as a “passive service check”.
I already read the docs but may be i missed some part.
I hope you found at least the following:
https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/
#high-availability-master-with-agents
https://icinga.com/docs/icinga2/latest/doc/05-service-monitoring/
#log-monitoring
https://icinga.com/docs/icinga2/latest/doc/05-service-monitoring/
#new-checkcommand
https://www.monitoring-plugins.org/doc/guidelines.html
https://exchange.nagios.org/directory/Plugins
https://icinga.com/docs/icinga2/latest/doc/08-advanced-topics/
#external-check-results
Regards,
Antony.