Hi Spuluka,
Thanks for the url given. FYI, we have 3 SRX 5800 (Cluster , A, B , C) chassis cluster and one of them (Cluster A) is MacAfee can received the syslog may be because it have direct connected to Cluster A. But Cluster B and C is using routing to reach MacAfee.
Hopefully someone out there can give some workaround because now they think it SRX issue not SIEM issue.