jwg336's profile

Wednesday, September 6th, 2017 9:37 PM

Has anyone experienced outbound SYSLOG (UDP port 514) traffic being blocked?

On August 24 00:18 all outbound SYSLOG (UDP port 514) traffic failed to make it to its destination (not inbound so please do not suggest that I open a port on the modem/firewall).

I am using a Motorola NVG510's public IP address space (so nothing should be affected by the device's firewall settings) to forward SYSLOG traffic from an internal firewall to an external log collector.  This has worked fine for several years until around midnight 8/23.  At that point, no traffic made it to the destination although the traffic was still being generated by the internal firewall (other devices using the same collector continued to work fine).  As a workaround/test, I configured the internal firewall to use UDP port 517 in lieu of UDP 514 and configured the collector to accept traffic on that port.  Everything worked fine using UDP port 517 but not UDP port 514.

I know that AT&T blocks some external traffic (e.g. port 25, 123, see https://www.att.com/gen/public-affairs?pid=20879) but no one seems to know if they are starting to block UDP port 514 SYSLOG traffic as well or not.  I thought that AT&T *may* have started to block traffic as a security mechanism or that all of the UDP traffic triggered a UDP FLOOD block (port 517 works fine).  Putting on my tinfoil hat, I might conclude that a nefarious actor has hacked AT&T, disabled the forwarding of port 514 so as to prevent firewalls from reporting to external collectors, and commenced a (now undetectable) attack on our infrastructure.

Any ideas would be welcomed.

(this was originally posted in the email & security forum).

No Responses!
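
The port comparison described in the post (same sender, same collector, UDP 514 versus UDP 517) can be made repeatable by sending sequence-numbered syslog-style probes to each port and listing which ones never arrive. This is an added example, not part of the original post; the function names, the `portprobe` tag and the `probe-host` hostname are hypothetical, and the demo uses two constructed loopback ports in place of 514 and 517.

```python
import socket
import threading
import time

def build_probe(seq):
    # BSD-syslog style line; PRI 134 = facility local0 (16) * 8 + severity info (6).
    stamp = time.strftime("%b %d %H:%M:%S")
    return f"<134>{stamp} probe-host portprobe: seq={seq}".encode()

def collect(sock, seen, stop):
    # Collector side: record the sequence number of every probe that arrives.
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, _ = sock.recvfrom(2048)
        except socket.timeout:
            continue
        if b"portprobe: seq=" in data:
            seen.add(int(data.rsplit(b"seq=", 1)[1]))

def send_probes(dest, port, count):
    # Sender side: unconnected UDP datagrams, fire-and-forget like syslog itself.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for seq in range(count):
            s.sendto(build_probe(seq), (dest, port))

def compare_ports(dest, listeners, ports, count=5, wait=0.5):
    """Return {port: [sequence numbers that never arrived]} for each port."""
    stop = threading.Event()
    seen = {p: set() for p in ports}
    threads = [threading.Thread(target=collect, args=(sock, seen[p], stop))
               for p, sock in listeners.items()]
    for t in threads:
        t.start()
    for p in ports:
        send_probes(dest, p, count)
    time.sleep(wait)          # allow in-flight datagrams to arrive
    stop.set()
    for t in threads:
        t.join()
    return {p: [s for s in range(count) if s not in seen[p]] for p in ports}

def loopback_demo():
    # Constructed demo: the first port has no listener (models datagrams dropped
    # on the path), the second has one (models the port that still works).
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0)); dropped_port = tmp.getsockname()[1]; tmp.close()
    ok = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    ok.bind(("127.0.0.1", 0)); ok_port = ok.getsockname()[1]
    result = compare_ports("127.0.0.1", {ok_port: ok}, [dropped_port, ok_port])
    ok.close()
    return dropped_port, ok_port, result
```

Between two real hosts, the collector half (`collect`) runs on the log collector and the sender half (`send_probes`) runs from the firewall's network; a port that consistently loses every sequence number while its neighbour loses none points at filtering on the path, not at the sender or the collector.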