Sorry for the delay in answering. The syslog format essentially doesn't map to another format so, aside from the header, you'll get the Check Point field names unmapped.
# pwd
/opt/CPrt-R80.20/log_exporter/targets/MySyslog
# grep mapping *
.....
targetConfiguration.xml: <!-- Format section determines the form (headers and mappings) of the exported logs -->
targetConfiguration.xml: <mappingConfiguration></mappingConfiguration><!--if empty the fields are sent as is without renaming-->
On a related note there is a project to better define the Check Point field names and to normalize them across products. Bit hidden right now, but you can see in R80.20 the 100+ Threat Prevention field definitions for ALL of SandBlast products (mobile, endpoint, gateway) at the bottom of sk134634: SmartView Cyber Attack View in the Field Documentation section. In the future am sure we'll do a better job of documenting these so they're not buried in an SK like this. For now check out Threat Prevention Log Field Documentation.