We have an application (Trend Micro Deep Security) which is able to forward events as syslogs (under the SIEM tab). I have configured it to forward as Basic Syslog, Local3 facility. The server hosting this application already has a LEM agent on it and is forwarding Windows logs. The only connector I saw quasi-similar to TM DS was the Trend Micro Deep Security Firewall, which I selected and changed the /var/log/ to local3. I see the log coming in using checklogs, but nothing for nDepth except the stuff forwarded by the LEM agent.
I'd suggest that you run an ExportSyslog command and dump the Local3 to a server, and then contact support. They can test your logs against the LEM tools, and it could be that a new revision of an existing connector or a new connector is required.