Subject: | rsyslog forwarding |
Author: | [Not Specified] |
Posted: | 2016-02-02 01:02 |
I am trying to set up receiving syslog messages. About 500 switches send their messages to the rsyslog server 172.16.1.1, and then they are forwarded to zensyslog (172.16.2.1). As a result, messages that appear in Zenoss have the source 172.16.1.1 instead of the switches' IPs. How can I rectify the situation?
Subject: | Are you using templates on the rsyslog server |
Author: | [Not Specified] |
Posted: | 2016-02-02 05:27 |
If not, that's probably the problem.
If you use a template and use %hostname%, it will preserve what was in the message.
If you use %fromhost% or %fromhost-ip%, it will log the machine the message was received from.
Rgds
WaltB
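A small model of the difference described in the reply above, added here as an example and not part of the thread or of rsyslog's own code: it passes one message through two hops and shows which host ends up in the header for each template choice. The template strings, helper names, the switch name sw-floor2, its address 192.0.2.21 and the PRI value are constructed, and the lower-case placeholders are simplified stand-ins for rsyslog property names.

```python
import re

# Simplified RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME rest-of-message
LINE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
                  r"(?P<hostname>\S+) (?P<rest>.*)$", re.S)

# Hypothetical templates modelling the two choices from the reply above.
KEEP_ORIGIN = "<%pri%>%ts% %hostname% %rest%"     # host taken from the message text
USE_SENDER = "<%pri%>%ts% %fromhost-ip% %rest%"   # host taken from the socket peer

def parse(raw, peer_ip):
    """Properties a receiver has for one datagram that arrived from peer_ip."""
    m = LINE.match(raw)
    if m is None:
        raise ValueError("not an RFC 3164 style line")
    props = m.groupdict()
    props["fromhost-ip"] = peer_ip  # comes from the network layer, never from the text
    return props

def render(template, props):
    """Expand %name% placeholders; an unknown name raises KeyError."""
    return re.sub(r"%([a-z-]+)%", lambda m: props[m.group(1)], template)

def hop(raw, peer_ip, template):
    """One relay: receive raw from peer_ip and re-emit it using template."""
    return render(template, parse(raw, peer_ip))

def header_host(raw):
    """Host named in the message header, whatever the socket peer was."""
    return parse(raw, "unused")["hostname"]

# Constructed sample: switch sw-floor2 at 192.0.2.21 (documentation address).
SWITCH_IP, RELAY_IP = "192.0.2.21", "172.16.1.1"
ORIGINAL = ("<186>Feb  4 16:52:06 sw-floor2 PORT_SECURITY: Security violation "
            "occurred, caused by MAC address 1008.c106.6b13 on port FastEthernet0/1.")

if __name__ == "__main__":
    for name, tpl in (("KEEP_ORIGIN", KEEP_ORIGIN), ("USE_SENDER", USE_SENDER)):
        first = hop(ORIGINAL, SWITCH_IP, tpl)   # switch -> relay
        second = hop(first, RELAY_IP, tpl)      # relay -> next receiver
        print(name, header_host(first), header_host(second))
```

With the sender-based template the second hop names the relay (172.16.1.1) as the host, which is the symptom reported in this thread; with the message-based template the switch's own name survives both hops.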
Subject: | Upgrade all: |
Author: | [Not Specified] |
Posted: | 2016-02-04 00:58 |
Upgrade all:
Zenoss 4.2.5
OS Linux (x86_64) 3.16.0 (Linux monblan 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64)
Zope Zope 2.13.13
Python Python 2.7.2
Database MySQL 5.5.47 (5.5.47-0+deb8u1)
RRD RRDtool 1.4.7
Twisted Twisted 11.0.0
RabbitMQ RabbitMQ 3.3.0
Erlang Erlang 6.2.0
NetSnmp NetSnmp 5.7.2
PyNetSnmp PyNetSnmp 0.30.7
WMI Wmi 1.3.15
Same effect:
Resource: 172.16.1.1
Component: PORT_SECURITY
Event Class: /Unknown
Status: New
Message: Security violation occurred, caused by MAC address 1008.c106.6b13 on port FastEthernet0/1.
Event Management...
agent zensyslog
component PORT_SECURITY
dedupid 172.16.1.1|PORT_SECURITY|/Unknown|4|Security violation occurred, caused by MAC address 1008.c106.6b13 on port FastEthernet0/1.
eventClass /Unknown
eventClassKey PORT_SECURITY-2-PSECURE_VIOLATION
eventClassMapping
eventGroup syslog
eventKey
eventState New
evid 0cc47a6c-61e8-895a-11e5-cb0bd0f40545
facility
message Security violation occurred, caused by MAC address 1008.c106.6b13 on port FastEthernet0/1.
ntevid
priority 3
severity 4
summary Security violation occurred, caused by MAC address 1008.c106.6b13 on port FastEthernet0/1.
Device State...
DeviceClass
DeviceGroups
DevicePriority
Location
Systems
device 172.16.1.1
ipAddress 172.16.1.1
monitor localhost
prodState
Event Data...
clearid
count 2
firstTime 2016-02-04 16:52:06
lastTime 2016-02-04 16:52:12
ownerid
stateChange 2016-02-04 16:52:06
Event Details...
manager zen.dzen.zu
originalTime Feb 4 16:52:22
zenoss.device.ip_address 172.16.1.1
LOG