The issue we're having is that the messages are missing the hostname, timestamp, and syslog protocol version. This has been previously described under sk100727.
We were investigating if it was a viable option to export the logs to the management server and export them out to an external syslog and parse it there, since they are exported in CEF format and that would allow us to parse the events.
We are on R80.10 (with some install base on R77.30, to be brought to R80.10 in the next few months). We are not looking to install the hotfix described in the SK, as it will require extra maintainability, as well as introducing potentially less stable code on the chassis.