Nic_Foxton_1199
Jun 18, 2018

Filtering out a string in syslog messages with an iRule?

I've been searching and searching but have not found anything specific. I'm having a problem with syslogging, more specifically the format of the messages sent to our ArcSight/syslog servers. Basically, when a syslog message is sent from the VIPRION, it prepends the hostname with the slot/ in the message. The syslog servers and ArcSight servers then ignore the message because it can't be verified in DNS ... naturally. I've been struggling to find answers, but then thought maybe a vServer, pool and iRule could be used to remove the string of slot/ ??

 

Here's an example of the capture:

Apr 19 14:06:47 slot1/mnld4-slb-3a info logger: [ssl_acc] 10.172.49.9 - rashids2 [19/Apr/2018:14:06:47 +0100] "/xui/update/configuration/alert/statusmenu/coloradvisory" 200 2333

 

I could set up a pool to clone the messages to the syslog and ArcSight servers, a vServer to target the syslog messages to, and the iRule to clean out the slot prepend .... any advice?
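
The iRule part of the setup described in the post could look like the sketch below. It is an added example, not written by the poster and not taken from F5 material. It assumes a UDP virtual server that the VIPRION's remote syslog destination points at, with the syslog/ArcSight servers as its pool, and that the message on the wire is BSD-style: an optional `<PRI>`, a timestamp shaped like the one in the capture, then the hostname.

```tcl
# Added example. Assumptions: UDP virtual server receiving the VIPRION's
# syslog traffic; header layout is [<PRI>]Mmm dd hh:mm:ss HOSTNAME ...
when CLIENT_DATA {
    set msg [UDP::payload]

    # Anchor on the start of the message so only the hostname field is
    # rewritten; a "slotN/" string inside the message body is left alone.
    #   \1 = optional <PRI>
    #   \2 = timestamp including its trailing space
    set header {^(<[0-9]{1,3}>)?([A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2} )slot[0-9]+/}

    # regsub returns the number of substitutions made (0 or 1 here).
    if { [regsub -- $header $msg {\1\2} cleaned] } {
        # Swap the whole datagram for the cleaned message.
        UDP::payload replace 0 [UDP::payload length] $cleaned
    }
    # Messages without the slot prefix are forwarded unchanged.
}
```

Applied to the captured line, the header becomes `Apr 19 14:06:47 mnld4-slb-3a info logger: ...`. Traffic relayed through a virtual server may reach the collectors from a different source address than the one they see today, so it is worth checking what the collectors verify besides the hostname field.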

 
