If rsyslog.conf contains Unicode characters, SEP truncates the last few entries of the rsyslog.conf file when SEP services are stopped and started.
For example, below is the end of an rsyslog.conf that contains a comment in Unicode characters:
# サンプルコメント <--- these are Unicode characters
# ### sample forwarding rule ###
#action(type="omfwd"
# An on-disk queue is created for this action.
# down, messages are spooled to disk and sent when it is up again.
#queue.filename="fwdRule1" # unique name prefix for spool files
#queue.maxdiskspace="1g" # 1gb space limit (use as much as possible)
#queue.saveonshutdown="on"
After running the commands below and restarting the SEP service:
/usr/lib/symantec/stop.sh
systemctl restart rsyslog.service
/usr/lib/symantec/stop.sh
SEP truncates a few lines from rsyslog.conf and adds some entries for Symantec Host IDS, for example:
# ### sample forwarding rule ###
#action(type="omfwd"
# An on-disk queue is create <----- The string after this is missing
# The following is required for Symantec Host IDS - Do not edit or remove
*.info;mail.err;mark.none |/var/log/ids_syslog.pipe
14.3 RU5
If the rsyslog.conf has Unicode characters, SEP truncates the last few entries.
A fix for this issue is planned for a future release. To work around this issue, do not add Unicode strings or comments to rsyslog.conf.
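One way to apply the workaround and to spot the damage, as an added example (not Symantec code): find_non_ascii lists the rsyslog.conf lines that contain non-ASCII bytes, and missing_lines compares a pre-restart backup against the file afterwards. The function names, the pre/post/demo subcommands and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Symantec tooling. File paths are supplied by the caller.

# List "lineno:text" for lines containing bytes outside printable ASCII
# and whitespace. Exit status 0 = such lines exist, 1 = file is clean.
find_non_ascii() {
    LC_ALL=C grep -n '[^[:print:][:space:]]' "$1"
}

# List lines of the pre-restart backup ($1) that no longer appear verbatim
# in the current file ($2). Lines SEP appends (its Host IDS rule) are
# ignored, so only lost or cut-off lines are reported.
# Exit status 0 = lines are missing, 1 = every backed-up line survived.
missing_lines() {
    LC_ALL=C grep -Fxv -f "$2" "$1"
}

# Constructed sample mirroring the article: a UTF-8 comment on line 1 and a
# post-restart copy whose tail was cut and replaced by the Host IDS rule.
make_sample() {
    dir=$1
    { printf '# \343\202\265\343\203\263\n'   # two katakana characters (UTF-8)
      printf '%s\n' '# ### sample forwarding rule ###' '#action(type="omfwd"' \
          '# An on-disk queue is created for this action.' \
          '#queue.saveonshutdown="on"'; } > "$dir/before.conf"
    { printf '# \343\202\265\343\203\263\n'
      printf '%s\n' '# ### sample forwarding rule ###' '#action(type="omfwd"' \
          '# An on-disk queue is create' \
          '*.info;mail.err;mark.none |/var/log/ids_syslog.pipe'; } > "$dir/after.conf"
}

case "${1:-}" in
    pre)  # usage: script pre CONF BACKUP   (run before restarting SEP)
        find_non_ascii "$2" && echo "WARNING: non-ASCII text in $2" >&2
        cp -p "$2" "$3" ;;
    post) # usage: script post CONF BACKUP  (run after SEP is back up)
        if missing_lines "$3" "$2"; then
            echo "WARNING: lines above were lost from $2" >&2; exit 1
        fi ;;
    demo) # run both checks on the constructed sample
        d=$(mktemp -d); make_sample "$d"
        find_non_ascii "$d/before.conf"; missing_lines "$d/before.conf" "$d/after.conf"
        rm -rf "$d" ;;
esac
```

Lines reported by the pre check are the ones to rewrite in ASCII before SEP services are restarted; the backup it takes also serves as the copy to restore from if the post check reports lost lines.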