I have TrueNAS configured to forward syslog to Graylog. Looking at the received messages, they appear to be in RFC 3164 format and not RFC 5424. Annoying, but workable.
But the issue I’m seeing is that while Graylog correctly parses out the hostname and sets it as the source, it also includes the hostname in the message. This doesn’t happen with the RFC 5424 messages from my other services.
As I understand it we’re parsing syslog as defined exactly by the RFC (both 3164 and 5424). 5424 is highly preferable and recommended, but I understand if the device cannot send 5425.
I’ve added a comment to the issue you opened (thank you for that!). You are correct, it does appear graylog is adding the hostname (from the header portion of the syslog, per both RFCs) to the message portion.