Zyxel USG FLEX input does not work correctly

Hey, everybody!

I faced a problem with parsing logs from Zyxel USG FLEX. Logs arrive on 5555, as you can see from TCPdump capture, but after that they disappear and are not written to graylog. From searches I realized that logs from USG FLEX has a non-standard form because of the prefix and may not be processed by input. The view is as follows:
E..D.Y@.@… …0..<149>May 5 19:23:11 2025 Posmail-1 src=“172.16.122.41:50327” dst="54.89.66. 62:22322“ msg=”Match default rule, DROP“ note=”ACCESS BLOCK“ user=”unknown“ devID=”fc22f4e9b053“ cat=”Security Policy Control“ class=”Access Control“ ob=”0“ ob_mac=”000000000000“ dir=”ANY:ANY“ protoID=6 proto=”others”
I tried different inputs, namely SYSLOG UDP, Raw/Plaintext UDP. SYSLOG may not be recorded because of the prefix, but I don’t understand why Raw/Plaintext UDP input doesn’t work. I tried to make stream with pipe to remove the prefix, in simulation it removes everything normally, but since logs are not written even in input, I understand that there is no processing. There are no problems with other logs and everything works fine. Could you please tell me how to solve this? Thank you in advance
Ubuntu 22.04, graylog 6.1. There are no errors in the server logs.

Raw inputs with no pipeline rules should capture something, they litterally will take any garbage you throw at them. If you arent getting messages with that something somewhere is very wrong.

Are you sure the port is right, are you sure its UDP are you sure that the index its routed to can store messages etc.

Thanks for the reply. Yes, I will direct everything to the default index. You can see the port and input configuration on the screenshot