• Logs forwarded to external syslog servers (e.g., Tuffin) in RAW format do not contain the original syslog headers.
• The Priority (<PRI>) part (e.g., <13>) is missing from the forwarded packets even though it was present in the source logs from ESXi hosts.

• VMware Aria Operations for Logs 8.18.6 (formerly vRealize Log Insight)

The current implementation of SyslogMessageSyslogRaw in Aria Operations for Logs is designed to forward only the message body. It does not support toggling between RFC5424 and RFC3164 formats to include or exclude the PRI metadata automatically in RAW mode.

To include the PRI header in forwarded logs, follow these steps:

1. Navigate to the Log Forwarding configuration in the Aria Operations for Logs UI.
2. Locate the destination server configuration where RAW logs are being sent.
3. Enable the option "Adjust PRI/VERSION".
4. Verify on the destination server that the PRI metadata is now visible in the logs.

If the "Adjust PRI/VERSION" setting does not meet specific formatting requirements, please submit a Feature Request (FR) through the Broadcom Support Portal to request enhanced RAW header preservation. Instructions for Submitting new features or enhancement requests for Aria Operations.