
Re: Zenoss Events not displaying whole Syslog Message


When receiving a syslog message, the Zenoss server does its best to parse it, hoping it will conform to the syslog standard format. It starts by looking for a time stamp, the host IP address or name, facility and severity, and will parse what's left, trying to find some distinctive patterns that will help in classifying the event. According to the standards, a syslog message is one single ASCII character string with some structure added to it, and this is where the problem might occur: different vendors might construct different structures because the IETF standard doesn't cover the message part in detail; only the header is standardized.

If your equipment (by the way, can you tell us what kind of equipment this is?) is sending some info on a separate line, it seems this second line lacks the standard syslog header, so Zenoss can't parse it at all. Another possibility would be for Zenoss to detect a character that will falsely signal the end of the message, and this will cause the rest of the message to be discarded. In order for me to figure out what happens, there are two things that I need:

  • the setup of syslog on your server. Is Zenoss receiving syslog messages directly by listening on port UDP/514, or are you using some technique to relay syslog messages to Zenoss?
  • can you capture one or more of these messages on your server using tcpdump or Wireshark and post some screenshots here?
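
The failure mode described in this reply, shown as an added example that is not part of the original post and is not Zenoss's own parser: a minimal RFC 3164 style header parser run over one payload whose body continues on a second line. The host name, message text and the `split_on_newline` switch are constructed for illustration.

```python
import re

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss HOST MSG
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)

def parse_line(line):
    """Return a dict for a line with a valid header, or None if it has none."""
    m = HEADER.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, facility 0-23, severity 0-7
        return None
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }

def parse_payload(payload, split_on_newline=True):
    """Parse one received payload; return (events, lines_without_header)."""
    text = payload.decode("ascii", errors="replace")
    lines = text.splitlines() if split_on_newline else [text]
    events, unparsed = [], []
    for line in lines:
        if not line:
            continue
        event = parse_line(line)
        if event is None:
            unparsed.append(line)  # no header: cannot be attributed or classified
        else:
            events.append(event)
    return events, unparsed

# Constructed sample: one datagram whose message body spills onto a second line.
SAMPLE = (b"<134>Oct 11 22:14:15 sw-core-01 %LINK-3-UPDOWN: Interface Gi0/1 changed state\n"
          b"  detail: carrier lost, peer unreachable")
```

Comparing `parse_payload(SAMPLE)` with `parse_payload(SAMPLE, split_on_newline=False)` shows the truncation: line-based handling keeps only the first line as an event, while treating the payload as one message keeps the full text.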
