rsyslogd can be configured to write high precision timestamps with $ActionFileDefaultTemplate RSYSLOG_FileFormat, but these aren't matched by the %{SYSLOGTIMESTAMP} pattern, which only matches %{MONTH} +%{MONTHDAY} %{TIME}.

TIMESTAMP_ISO8601 should match high precision timestamps such as those utilized by rsyslog.

I was able to get a match with the following timestamp:

2013-10-03T12:28:00.429271-06:00

Yes, use TIMESTAMP_ISO8601or even better SYSLOGBASE2, see

This can be closed.

Ah, perfect. I didn't know about `SYSLOGBASE2. That looks like it should work perfectly.