The <133> is the syslog "facility" and "level" encoded into the message. The "\x00" is probably a null termination at the end of each message. One of my questions would be is the "\x00" actually a 0x00 byte, or the bytes 0x5C 0x78 0x30 0x30? A wireshark capture would tell you for sure.
Once you know, you could update the LINE_BREAKER to eat it as well, or use a SEDCMD in props.conf to filter it out.
Also, the <133> may not always have the digits "133" in it. Generalizing your regexp to 1 to 3 digits inside the <>'s would make it work if the Netscreen sends a different syslog level for some reason.
LINE_BREAKER=(<\d{1,3}>)
... View more