It's because Kloxo/Kloxo-MR think service is syslog. In my investigation, this service is rsyslog. Need fix Kloxo-MR code for this situation.
Open '/etc/rsyslog.conf' and add 'ftp.* /var/log/secure' under 'authpriv.* /var/log/secure'. And then restart with 'service rsyslog restart'.