Advance Threat Protection (ATP) logs are coming in with the hostname of “localhost”, syslog-ng is not logging these logs to the correct location.
Updated On:11-09-2017 10:03
Advanced Threat Protection Platform
ATP logs have the "localhost". When sending logs from ATP to syslog-ng, they are not getting logged in the correct location.
"Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates."