Article ID: 162240
SWG is configured to send an alert to a remote syslog server. The alert detail does not include a distant IP which is included in the custom report.
The alert details are not configurable in SWG.
SWG is working as designed. The syslog priority (debug, info, notice, warning, err, crit, alert, emerg) does not affect the data presented.
The default alert details include the following:
Date/Time Stamp, Hostname, Detection Name, Category, Severity, Action, Detection Type, Hits, Requested URL or File