We had exactly the same problem some weeks ago with the CyberArk logs via Syslog.
The format was wrong as CyberArk was meant to be sending individual events and not one big message containing multiple events and breaking the last one because it doesn't fit in a UDP datagram. Check if this is your case and the last event in your message is incomplete.
We told our CyberArk guys and they reported this to the vendor. I think they ended up upgrading to the latest version and the problem is now solved, but I would ask CyberArk in any case.