ATP logs have the "localhost". When sending logs from ATP to syslog-ng, they are not getting logged in the correct location.
"Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates."