Fixing this is an open feature request here:
https://arubanetworkskb.secure.force.com/cp/ideas/viewIdea.apexp?id=08740000000LFfoAAG
...you may want to vote it up.
We looked into how to teach rsyslog to deal with this unusual date format, but
it looked like we would have to create our own parser and compile rsyslog from source
in order to do that, or do a prohibitively clever set of variable manipulations in the
config file to reshuffle everything.
The date they are sending now is not complaint with newer syslog date formats that do include the year, nor is is compliant with the older standard which explicitly says not to do the exact thing that that Aruba did here:
"
It has been seen
that some original syslog messages contain a more explicit time stamp
in which a 2 character or 4 character year field immediately follows
the space terminating the TIMESTAMP. This is not consistent with the
original intent of the order and format of the fields. If
implementers wish to contain a more specific date and time stamp
within the transmitted message, it should be within the CONTENT
field. Implementers may wish to utilize the ISO 8601 [7] date and
time formats if they want to include more explicit date and time
information."