Below is the content from the KB, for your information:
RFC 3195 and RFC 3164 specify that BSD and RAW messages can't be longer than 1024 characters. Otherwise, syslog servers and relays ignore the end of the message. Note that these RFCs are not fixed standards, but they are widely implemented.
In this case, we fail when the message far exceeds the guideline limit of 1024, and as a result you will see the error. Please keep in mind that syslog servers are designed to store system events and small notifications as (short) text; they are not designed for large contextual data or as a remediation system. Current remediation systems take these short texts and context information to trigger workflows and store additional data in additional databases.
The underlying reason may be the use of custom attributes, which can create messages far larger than 1024 characters, since the standard email notification is not bound to any limit.
As a best practice, you would want to create syslog notifications without custom attributes or fixed content, such as incident ID or violator as reference. If the remediator or whoever consumes the syslog entry requires more in-depth details, they can log into the Vontu UI.
Alternatively, the incident ID from the syslog notification can be used to access the incident directly through the Reporting API and store the incident data in a secondary remediation system.
Another approach is to trigger a workflow via email notification. Some customers then extract the contextual information, including all custom attributes, from the email and store it within a secondary remediation system.
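The length guideline above, as an added example that is not part of the KB article or the product: a Python function that builds a BSD-style notification, puts the incident ID and violator first, and leaves out any custom attribute that would push the line past 1024. The host name, tag, field names and the `attrs_omitted` marker are constructed for illustration, and the limit is measured in encoded bytes as a conservative assumption.

```python
from datetime import datetime

MAX_LEN = 1024  # guideline limit for BSD-style syslog messages cited above
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
MARKER = " attrs_omitted="  # constructed field name, not a product field


def wire_len(text):
    # Measure encoded bytes: multi-byte characters count more than once on the wire.
    return len(text.encode("utf-8"))


def build_notification(incident_id, violator, custom_attrs, now,
                       host="dlp-enforce01", tag="dlp", facility=16, severity=4):
    """Return (line, omitted_names); the line never exceeds MAX_LEN bytes."""
    pri = facility * 8 + severity  # syslog PRI value
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    # Fixed reference content goes first so it always survives.
    line = f"<{pri}>{stamp} {host} {tag}: incident_id={incident_id} violator={violator}"
    # Keep room for the marker so adding it can never break the limit.
    reserve = wire_len(MARKER) + len(str(len(custom_attrs)))
    if wire_len(line) + reserve > MAX_LEN:
        raise ValueError("fixed fields alone exceed the syslog limit")
    omitted = []
    for name, value in custom_attrs.items():
        # Collapse whitespace runs (newlines included) so a value stays on one line.
        field = f" {name}=" + " ".join(str(value).split())
        if wire_len(line) + wire_len(field) + reserve <= MAX_LEN:
            line += field
        else:
            omitted.append(name)  # consumer fetches these by incident ID instead
    if omitted:
        line += f"{MARKER}{len(omitted)}"
    return line, omitted


if __name__ == "__main__":
    # Constructed sample input: one oversized custom attribute among small ones.
    attrs = {"department": "Finance", "manager_note": "x" * 2000, "region": "EMEA"}
    line, omitted = build_notification(4711, "jdoe", attrs, datetime(2024, 3, 5, 9, 7, 1))
    print(wire_len(line), omitted)
    print(line)
```

A consumer that sees `attrs_omitted` in the line knows to pull the full incident by its ID rather than trust the syslog record as complete.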