I do use NXLog to parse the Exchange logs and send them to my Graylog.  Time to time, Graylog still receive the line #Software: Microsoft Exchange...   

Note that the line is sent once per hours or two hours. 

It seems that the check if $raw_event =~ /^#/ drop(); fail to drop the #line randomly.

Bellow part of my config for the input:

<Input in_MSGTRK>

    Module          im_file
    File            "\\\\xxxxxxx\\d$\\Exchsvr\\TransportRoles\\Logs\\\MessageTracking\\\\*.log"
    SavePos         TRUE
    ReadFromLast     TRUE
    Recursive        TRUE
    CloseWhenIdle   TRUE
    InputType       LineBased    
    PollInterval    10

    Exec if $raw_event =~ /HealthMailbox/ drop();
    Exec if $raw_event =~ /^#/ drop();
    Exec ParseEXCHANGESMSGTRK->parse_csv();    

</Input>

Any clue, help or solution is welcome