I have been trying to forward logs from a firewall to a SIEM using syslog-ng, but the problem is that I want to forward only the original raw log without the headers added by syslog-ng. I have the following syslog-ng conf file.

```
@version: 5.2
#Default configuration file for syslog-ng.
#
# For a description of syslog-ng configuration file directives, please read
# the syslog-ng Administrator's guide at:
#
# http://www.balabit.com/sites/default/files/documents/syslog-ng-pe-5.2-guides/en/syslog-ng-pe-v5.2-guide-admin/html-single/index.html
#
@include "scl.conf"

options {
};

######
# sources
source s_local {
    # messages generated by syslog-ng itself
    internal();
};

source s_udp {
    # raw UDP input from the firewall; no-parse keeps the whole datagram in $MSG
    udp(ip(X.X.X.X)
        flags(no-parse)
        port(514));
};

######
# templates
template no_header {
    template($MSG); template_escape(no);
};

######
# destinations
destination d_siem {
    syslog("X.X.X.X" port(514) template(no_header));
};

log { source(s_udp); destination(d_siem); };
```
With the above, I have managed to remove most of syslog-ng's headers, but I cannot remove the part shown in bold:
**531 <13>1 2015-03-03T17:35:12+04:00 X.X.X.X - - - -** <189>date=2015-03-03 time=05:27:43 devname=XXX-X-X device_id=XXXX log_id=XXXX type=XXX subtype=XXX pri=notice vd= src=X.X.X.X src_port=X src_int="XXX" dst=X.X.X.X dst_port=XXX dst_int="XXX" SN=XXXXX status=XXX policyid=X dst_country="XXXX" src_country="XXXX" dir_disp=XXX tran_disp=XXX tran_sip=X.X.X.X tran_sport=XXX service=XXX proto=X duration=XXX sent=XXX rcvd=XXX sent_pkt=XXX rcvd_pkt=XXX
Syslog-ng's documentation states that:

> (The $MSGHDR$MSG part is written together because the $MSGHDR macro includes a trailing whitespace.)

If in my conf I change the template from `$MSG` to `$MSGHDR`, the only thing I receive in the SIEM is the following:

```
531 <13>1 2015-03-03T17:35:12+04:00 X.X.X.X - - - -
```

But again, if I use `$MSG`, `$MSGONLY` or `$MESSAGE`, I get:
**531 <13>1 2015-03-03T17:35:12+04:00 X.X.X.X - - - -** <189>date=2015-03-03 time=05:27:43 devname=XXX-X-X device_id=XXXX log_id=XXXX type=XXX subtype=XXX pri=notice vd= src=X.X.X.X src_port=X src_int="XXX" dst=X.X.X.X dst_port=XXX dst_int="XXX" SN=XXXXX status=XXX policyid=X dst_country="XXXX" src_country="XXXX" dir_disp=XXX tran_disp=XXX tran_sip=X.X.X.X tran_sport=XXX service=XXX proto=X duration=XXX sent=XXX rcvd=XXX sent_pkt=XXX rcvd_pkt=XXX
What I want syslog-ng to forward is only this:
<189>date=2015-03-03 time=05:27:43 devname=XXX-X-X device_id=XXXX log_id=XXXX type=XXX subtype=XXX pri=notice vd= src=X.X.X.X src_port=X src_int="XXX" dst=X.X.X.X dst_port=XXX dst_int="XXX" SN=XXXXX status=XXX policyid=X dst_country="XXXX" src_country="XXXX" dir_disp=XXX tran_disp=XXX tran_sip=X.X.X.X tran_sport=XXX service=XXX proto=X duration=XXX sent=XXX rcvd=XXX sent_pkt=XXX rcvd_pkt=XXX
I've exhausted options such as:

```
options {
    #keep-hostname(yes);
    #chain-hostnames(no);
    #use_fqdn(no);
    #create_dirs(no);
    #long_hostnames(off);
    #flush_lines(0);
    #use-dns(no);
    #keep_timestamp(yes);
    #flags(store-legacy-msghdr);
};
```

None of the above made a difference.
I've read in another forum that it is possible to use rewrites and sets to put the value of locked (unchangeable) vars into other vars, and then edit the value of the new vars with PCRE and such, to contain just the desired data but I'm not exactly sure how I can accomplish that.
Can somebody help out a bit with the above?
You should use the `tcp()` destination instead of `syslog()`:

```
destination d_siem {
    tcp("X.X.X.X" port(514) template(no_header));
};
```

The `syslog()` driver is for RFC5424 syslog; `tcp()` is for legacy.