Advanced Threat Protection (ATP) logs are coming in with the hostname of “localhost”; syslog-ng is not logging these logs to the correct location.
Last Updated September 11, 2017
ATP logs have the hostname "localhost". When logs are sent from ATP to syslog-ng, they are not logged in the correct location.
"Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates."