As the customer reporting this issue, I want to be clear on what I'm requesting.
A line being pushed via syslog looks something like this:
sending-proxy.org logsubname: Info: 1234567890.123 (a bunch of log data)
The 'sending-proxy.org' is the hostname of the proxy, and 'logsubname' is the name of the log subscription as configured in the WSA's log subscription screen. Then there is the literal string ": Info: " (colon, space, Info, colon, space). Then an epoch-style timestamp, then the actual meat of the log data.
I need to be able to remove the garbage literal ": Info: " (colon, space, Info, colon, space). This is redundant, as the log facility and log level are part of the syslog packet elsewhere, and the inclusion of this chunk of gibberish text is causing problems with log parsing in other contexts (in my case, ingesting the logs into Splunk).