diff --git a/package/etc/conf.d/conflib/_common/syslog_format.conf b/package/etc/conf.d/conflib/_common/syslog_format.conf
index 9a301a3..69652b9 100644
--- a/package/etc/conf.d/conflib/_common/syslog_format.conf
+++ b/package/etc/conf.d/conflib/_common/syslog_format.conf
@@ -1,6 +1,10 @@
 filter f_rfc5424_strict{
     message('^\<(?<PRI>\d+)\>(?<VERSION>\d{1,2})? (?<YEAR>\d+)-(?<MONTH>\d+)-(?<DAY>\d+)T(?<HOUR>\d+):(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|[\+-] *\d+:\d+) (?<HOSTNAME>(-)|[^ ]+) (?<APPNAME>(?:-)|[!-~]+) (?<PROCID>(?:-)|[!-~]+) (?<MSGID>(?:-)|[!-~]+) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)| .*)?$');
-    };
+};
+filter f_rfc5424_bsd_encapsulated{
+    message('^(<\d+>)\w+ \d{1,2} \d\d:\d\d:\d\d [^ ]+ ((?<VERSION>\d{1,2})? (?<YEAR>\d+)-(?<MONTH>\d+)-(?<DAY>\d+)T(?<HOUR>\d+):(?<MINUTE>\d+):(?<SECOND>\d+)(?:\.(?<MILLISECONDS>\d+))?(?<OFFSET>Z|[\+-] *\d+:\d+) (?<HOSTNAME>(-)|[^ ]+) (?<APPNAME>(?:-)|[!-~]+) (?<PROCID>(?:-)|[!-~]+) (?<MSGID>(?:-)|[!-~]+) *(?<STRUCDATA>(?:-)|\[.*?\]) *(?<MSG>(?:-)| .*)?)$'
+    flags(store-matches));
+};
 filter f_rfc5424_noversion{
     message('^(?<SYSLOGMSG>(?<HEADER>(?<PRI><\d{1,3}>) ?(?<TIMESTAMP>(?<FULLDATE>(?<FULLDATEYEAR>\d{4})-(?<FULLDATEMONTH>\d\d)-(?<FULLDATEDAY>\d\d))T(?<FULLTIME>(?<PARTIALTIME>(?<TIMEHOUR>[0-2]\d):(?<TIMEMINUTE>[0-5]\d):(?<TIMESECOND>[0-5]\d)(?:.(?<TIMESECFRAC>\d{1,6}))?)(?<TIMEOFFSET>Z|(?<TIMENUMOFFSET>[+\-][0-2]\d:[0-5]\d))))))');
 };
diff --git a/package/etc/go_templates/source_network.t b/package/etc/go_templates/source_network.t
index f1044fb..ace8656 100644
--- a/package/etc/go_templates/source_network.t
+++ b/package/etc/go_templates/source_network.t
@@ -160,6 +160,14 @@ source s_{{ .port_id }} {
                     syslog-parser(flags(assume-utf8, syslog-protocol));
                 };
             rewrite(set_rfc5424_strict);
+        } elif {
+            filter(f_rfc5424_bsd_encapsulated);
+            parser {
+                    syslog-parser(
+                        template("$1$2")
+                        flags(assume-utf8, syslog-protocol));
+                };
+            rewrite(set_rfc5424_strict);            
         } elif {
             parser (p_cisco_meraki);
             rewrite(set_rfc5424_epochtime);
diff --git a/tests/test_vmware.py b/tests/test_vmware.py
index 2a04f8e..c65d746 100644
--- a/tests/test_vmware.py
+++ b/tests/test_vmware.py
@@ -158,3 +158,6 @@ def test_linux_vmware_horizon_ietf(record_property, setup_wordlist, setup_splunk
     record_property("message", message)
 
     assert resultCount == 1
+
+#TODO Add test
+#<182>Jun 29 10:54:02 172.16.000.000 1 2020-06-29T10:52:50.786+01:00 nma01af.xxx.xxxxxxxxx.xx.xx.xx NSXV 6152 - [nsxv@6876 comp="nsx-manager" level="INFO" subcomp="manager"] Start executing task: task-3308094 and running executor threads 1