When syslog configuration on Aix server is configured to send logs directly to RSA envision collector, the complete log reaches the collector.
But when it was configured through proxy(syslog ng) the log is getting truncated.
I could see the complete log that reaches proxy server using tcpdump, but when it reaches collector its been truncated. Especially the "message forwarded from"string in Aix logs is getting truncated.
As the stock parser of Aix always has "message forwarded from" in the xml header, so the logs from Aix discovers as unknown or linux.
Any troubleshooting steps please assist?