All RSA Authentication Manager log entries are written with the hostname of "localhost" in syslog.. This article explains how to include the hostname in the syslog output.
The local syslog server is configured by default to listen on 127.0.0.1 and will not accept connections using any configuration in the Security Console other than log to "local operating system SysLog"
To work around this issue and have the hostname present in the syslog, perform the following:
Make a backup of the file /etc/syslog-ng/syslog-ng.conf.