Symantec Endpoint Protection Manager [SEPM] is not forwarding all the logs configured under External Logging for Local Site to the Syslog server or any external Security Information and Event Management [SIEM] tool/server.
It is also observed that the forwarded logs are truncated: not all of the information is sent to the configured external SIEM or syslog server, although the entries were written correctly to the local dump file on the SEPM server.
SEPM 14.3.X
In the data/dump folder there were many policy data XML files of large size. The issue is caused by the large payload of the Audit log messages, which can interfere with the syslog server's processing of the other logs.
Take a backup of the file <SEPM install>\tomcat\etc\conf.properties
Edit the file in a text editor, add the following parameter, and restart the SEPM services [SEPM, WEB, API]:
scm.syslog.message.maxlength.bytes=1024
Note: This parameter applies only when the UDP transport is used; the value can be increased to 2048 or 4096 if needed.
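The backup, edit and restart steps above, as an added PowerShell script that is not part of the original article. It assumes the default SEPM installation path and the Windows service names semsrv, semwebsrv and semapisrv for the SEPM, Web and API services; change both to match your environment. The script adds the parameter if it is missing and updates it if a previous value is already present, so it can be run more than once without leaving duplicate keys.

```powershell
# Added example (not from the article): set scm.syslog.message.maxlength.bytes
# in conf.properties after taking a backup, then restart the SEPM services.
# Assumptions: default install path below and the service names
# semsrv / semwebsrv / semapisrv (SEPM, Web, API). Run from an elevated prompt.

param(
    [string]$SepmRoot = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager',
    [int]$MaxLengthBytes = 1024   # article value; 2048 or 4096 are also allowed
)

$confPath = Join-Path $SepmRoot 'tomcat\etc\conf.properties'
if (-not (Test-Path $confPath)) { throw "conf.properties not found at $confPath" }

# 1. Back up the file with a timestamp so the original can be restored.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$confPath.$stamp.bak"
Copy-Item -Path $confPath -Destination $backup
Write-Host "Backup written to $backup"

# 2. Add the parameter, or replace an existing value, so repeated runs
#    do not leave duplicate keys in the properties file.
$key     = 'scm.syslog.message.maxlength.bytes'
$pattern = "^\s*$([regex]::Escape($key))\s*="
$lines   = @(Get-Content -Path $confPath)
if ($lines -match $pattern) {
    $lines = $lines -replace "$pattern.*$", "$key=$MaxLengthBytes"
} else {
    $lines += "$key=$MaxLengthBytes"
}
# Java reads .properties files as ISO-8859-1 and this file is plain ASCII,
# so write it back as ASCII regardless of the PowerShell version's default.
Set-Content -Path $confPath -Value $lines -Encoding Ascii
Write-Host "$key set to $MaxLengthBytes"

# 3. Restart the SEPM, Web and API services so Tomcat re-reads the file.
foreach ($svc in 'semsrv', 'semwebsrv', 'semapisrv') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Restart-Service -Name $svc -Force
        Write-Host "Restarted $svc"
    } else {
        Write-Warning "Service $svc not found; restart the SEPM services manually"
    }
}
```

After the restart, compare a few entries in the local dump file with what the syslog server receives; if the messages are still cut short, raise the value to 2048 or 4096 as the note above permits.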
Another option to test is temporarily disabling the Audit Logs in External Logging and then monitoring whether all remaining logs are handled by the syslog server.
By design, SEPM has no default maxlength value; it depends on the receiving transport (the external syslog server). Ideally, if the syslog server receives a message longer than it supports, it should truncate the payload, but there is no guarantee that the syslog server has implemented this.
The parameter (scm.syslog.message.maxlength.bytes) was implemented to work around the issue on the SEPM side.