diff --git a/usr.sbin/syslogd/tests/Makefile b/usr.sbin/syslogd/tests/Makefile
index 65d08d75fcd1..36b7798d317c 100644
--- a/usr.sbin/syslogd/tests/Makefile
+++ b/usr.sbin/syslogd/tests/Makefile
@@ -1,14 +1,15 @@
 PACKAGE=	tests
 
 ATF_TESTS_SH=	syslogd_basic_format_test \
+		syslogd_forwarded_format_test \
 		syslogd_test
 
 # Run in jail with new vnet so we don't need to worry about address conflicts
 TEST_METADATA=	execenv="jail" \
 		execenv_jail_params="vnet=new" \
 		timeout=20
 
 ${PACKAGE}FILES=syslogd_format_test_common.sh \
 		syslogd_test_common.sh
 
 .include <bsd.test.mk>
diff --git a/usr.sbin/syslogd/tests/syslogd_basic_format_test.sh b/usr.sbin/syslogd/tests/syslogd_basic_format_test.sh
index 7ee7cd0e1e91..1969ce180f66 100644
--- a/usr.sbin/syslogd/tests/syslogd_basic_format_test.sh
+++ b/usr.sbin/syslogd/tests/syslogd_basic_format_test.sh
@@ -1,111 +1,110 @@
 #-
 # SPDX-License-Identifier: BSD-2-Clause
 #
 # Copyright (c) 2024 Michal Scigocki <michal.os@hotmail.com>
 #
 
-. $(atf_get_srcdir)/syslogd_test_common.sh
 . $(atf_get_srcdir)/syslogd_format_test_common.sh
 
 # Basic format tests
 # Single server, logging to local socket (inet disabled)
 setup_basic_format_test()
 {
     local format="$1"
     local logfile="$2"
 
     printf "user.debug\t${logfile}\n" > "${SYSLOGD_CONFIG}"
 
     syslogd_start \
         -O "${format}" \
         -N \
         -ss
 
     syslogd_log -p user.debug -t "${TAG}" \
         -h "${SYSLOGD_LOCAL_SOCKET}" \
         -H "${HOSTNAME}" "${MSG}"
 }
 
 atf_test_case "O_flag_bsd_basic" "cleanup"
 O_flag_bsd_basic_head()
 {
     atf_set descr "bsd format test on local syslog message"
 }
 O_flag_bsd_basic_body()
 {
     local format="bsd"
     local logfile="${PWD}/O_flag_${format}_basic.log"
 
     setup_basic_format_test "${format}" "${logfile}"
 
     atf_check -s exit:0 -o match:"${REGEX_RFC3164_LOGFILE}" cat "${logfile}"
 }
 O_flag_bsd_basic_cleanup()
 {
     syslogd_stop
 }
 
 atf_test_case "O_flag_rfc3164_basic" "cleanup"
 O_flag_rfc3164_basic_head()
 {
     atf_set descr "rfc3164 format test on local syslog message"
 }
 O_flag_rfc3164_basic_body()
 {
     local format="rfc3164"
     local logfile="${PWD}/O_flag_${format}_basic.log"
 
     setup_basic_format_test "${format}" "${logfile}"
 
     atf_check -s exit:0 -o match:"${REGEX_RFC3164_LOGFILE}" cat "${logfile}"
 }
 O_flag_rfc3164_basic_cleanup()
 {
     syslogd_stop
 }
 
 atf_test_case "O_flag_syslog_basic" "cleanup"
 O_flag_syslog_basic_head()
 {
     atf_set descr "syslog format test on local syslog message"
 }
 O_flag_syslog_basic_body()
 {
     local format="syslog"
     local logfile="${PWD}/O_flag_${format}_basic.log"
 
     setup_basic_format_test "${format}" "${logfile}"
 
     atf_check -s exit:0 -o match:"${REGEX_RFC5424_LOGFILE}" cat "${logfile}"
 }
 O_flag_syslog_basic_cleanup()
 {
     syslogd_stop
 }
 
 atf_test_case "O_flag_rfc5424_basic" "cleanup"
 O_flag_rfc5424_basic_head()
 {
     atf_set descr "rfc5424 format test on local syslog message"
 }
 O_flag_rfc5424_basic_body()
 {
     local format="rfc5424"
     local logfile="${PWD}/O_flag_${format}_basic.log"
 
     setup_basic_format_test "${format}" "${logfile}"
 
     atf_check -s exit:0 -o match:"${REGEX_RFC5424_LOGFILE}" cat "${logfile}"
 }
 O_flag_rfc5424_basic_cleanup()
 {
     syslogd_stop
 }
 
 atf_init_test_cases()
 {
     atf_add_test_case "O_flag_bsd_basic"
     atf_add_test_case "O_flag_rfc3164_basic"
     atf_add_test_case "O_flag_syslog_basic"
     atf_add_test_case "O_flag_rfc5424_basic"
 }
diff --git a/usr.sbin/syslogd/tests/syslogd_format_test_common.sh b/usr.sbin/syslogd/tests/syslogd_format_test_common.sh
index 199fb746839c..995bb048881b 100644
--- a/usr.sbin/syslogd/tests/syslogd_format_test_common.sh
+++ b/usr.sbin/syslogd/tests/syslogd_format_test_common.sh
@@ -1,32 +1,88 @@
 #-
 # SPDX-License-Identifier: BSD-2-Clause
 #
 # Copyright (c) 2024 Michal Scigocki <michal.os@hotmail.com>
 #
 
+. $(atf_get_srcdir)/syslogd_test_common.sh
+
 # REGEX Components
 readonly PRI="<15>"
 readonly VERSION="1"
 readonly DATE_RFC3164="[A-Z][a-z]{2} [ 1-3][0-9]"
 readonly TIMESPEC_RFC5424="([:TZ0-9\.\+\-]{20,32}|\-)" # Simplified TIMESPEC
 readonly TIME_RFC3164="([0-9]{2}:){2}[0-9]{2}"
 readonly HOSTNAME="example.test"
 readonly HOSTNAME_REGEX="example\.test"
 readonly TAG="test_tag"
 readonly MSG="test_log_message"
 
 # Test REGEX
 # Dec  2 15:55:00 example.test test_tag: test_log_message
 readonly REGEX_RFC3164="${DATE_RFC3164} ${TIME_RFC3164} ${HOSTNAME_REGEX} ${TAG}: ${MSG}"
 readonly REGEX_RFC3164_LOGFILE="^${REGEX_RFC3164}$"
 readonly REGEX_RFC3164_PAYLOAD="${PRI}${REGEX_RFC3164}$"
 
 # Dec  2 15:55:00 Forwarded from example.test: test_tag: test_log_message
 readonly REGEX_RFC3164_LEGACY="${DATE_RFC3164} ${TIME_RFC3164} Forwarded from ${HOSTNAME_REGEX}: ${TAG}: ${MSG}"
 readonly REGEX_RFC3164_LEGACY_LOGFILE="^${REGEX_RFC3164_LEGACY}$"
 readonly REGEX_RFC3164_LEGACY_PAYLOAD="${PRI}${REGEX_RFC3164_LEGACY}$"
 
 # <15>1 2024-12-02T15:55:00.000000+00:00 example.test test_tag - - - test_log_message
 readonly REGEX_RFC5424="${PRI}${VERSION} ${TIMESPEC_RFC5424} ${HOSTNAME_REGEX} ${TAG} - - - ${MSG}"
 readonly REGEX_RFC5424_LOGFILE="^${REGEX_RFC5424}$"
 readonly REGEX_RFC5424_PAYLOAD="${REGEX_RFC5424}$"
+
+# Filename helper functions
+config_filename()
+{ local ref="$1"; echo "${PWD}/syslog_${ref}.conf"; }
+
+local_socket_filename()
+{ local ref="$1"; echo "${PWD}/log_${ref}.sock"; }
+
+pid_filename()
+{ local ref="$1"; echo "${PWD}/syslogd_${ref}.pid"; }
+
+local_privsocket_filename()
+{ local ref="$1"; echo "${PWD}/logpriv_${ref}.sock"; }
+
+confirm_INET_support_or_skip()
+{
+    if ! sysctl kern.conftxt | grep -qw INET; then
+        atf_skip "Running kernel does not support INET"
+    fi
+}
+
+set_common_atf_metadata()
+{
+    atf_set timeout 5
+    atf_set require.user root
+}
+
+# Wrapper with better semantic name for networking context
+syslogd_start_on_port()
+{
+    local port="$1"
+    shift 1
+
+    syslogd_start \
+        -b ":${port}" \
+        -f "$(config_filename ${port})" \
+        -p "$(local_socket_filename ${port})" \
+        -P "$(pid_filename ${port})" \
+        -S "$(local_privsocket_filename ${port})" \
+        $@
+}
+
+# Wrapper with better semantic name for networking context
+syslogd_stop_on_ports()
+{
+    local ports="$@"
+
+    for port in "${ports}"; do
+        syslogd_stop \
+            "$(pid_filename ${port})" \
+            "$(local_socket_filename ${port})" \
+            "$(local_privsocket_filename ${port})"
+    done
+}
diff --git a/usr.sbin/syslogd/tests/syslogd_forwarded_format_test.sh b/usr.sbin/syslogd/tests/syslogd_forwarded_format_test.sh
new file mode 100644
index 000000000000..3d220a80b7e8
--- /dev/null
+++ b/usr.sbin/syslogd/tests/syslogd_forwarded_format_test.sh
@@ -0,0 +1,213 @@
+#-
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2024 Michal Scigocki <michal.os@hotmail.com>
+#
+
+. $(atf_get_srcdir)/syslogd_format_test_common.sh
+
+SERVER_1_PORT="5140"
+SERVER_2_PORT="5141"
+
+# Forwarded Message Tests
+# Two servers, one sending syslog messages to the other over UDP
+setup_forwarded_format_test()
+{
+    local format="$1"
+    local logfile="$2"
+    local pcapfile="$3"
+
+    confirm_INET_support_or_skip
+
+    # Begin packet capture for single packet
+    tcpdump --immediate-mode -c 1 -i lo0 -w "${pcapfile}" \
+        dst port "${SERVER_1_PORT}" &
+    tcpdump_pid="$!"
+
+    # Start first server: receive UDP, log to file
+    printf "user.debug\t${logfile}\n" > "$(config_filename ${SERVER_1_PORT})"
+    syslogd_start_on_port "${SERVER_1_PORT}" -O "${format}"
+
+    # Start second server: send UDP, log to first server
+    printf "user.debug\t@127.0.0.1:${SERVER_1_PORT}\n" \
+        > "$(config_filename ${SERVER_2_PORT})"
+    syslogd_start_on_port "${SERVER_2_PORT}" -O "${format}"
+
+    # Send test syslog message
+    syslogd_log -4 -p user.debug -t "${TAG}" -h 127.0.0.1 \
+        -P "${SERVER_2_PORT}" -H "${HOSTNAME}" "${MSG}"
+
+    wait "${tcpdump_pid}" # Wait for packet capture to finish
+}
+
+atf_test_case "O_flag_bsd_forwarded" "cleanup"
+O_flag_bsd_forwarded_head()
+{
+    atf_set descr "bsd format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_bsd_forwarded_body()
+{
+    local format="bsd"
+    local logfile="${PWD}/${format}_forwarded.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_expect_fail \
+        "PR 220246 syslog -O bsd deviates from RFC 3164 recommendations"
+    atf_check -s exit:0 -o match:"${REGEX_RFC3164_LOGFILE}" cat "${logfile}"
+    atf_check -s exit:0 -e ignore -o match:"${REGEX_RFC3164_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_bsd_forwarded_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+atf_test_case "O_flag_rfc3164_forwarded" "cleanup"
+O_flag_rfc3164_forwarded_head()
+{
+    atf_set descr "rfc3164 format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_rfc3164_forwarded_body()
+{
+    local format="rfc3164"
+    local logfile="${PWD}/${format}_forwarded.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_expect_fail \
+        "PR 220246 syslog -O rfc3164 deviates from RFC 3164 recommendations"
+    atf_check -s exit:0 -o match:"${REGEX_RFC3164_LOGFILE}" cat "${logfile}"
+    atf_check -s exit:0 -e ignore -o match:"${REGEX_RFC3164_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_rfc3164_forwarded_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+atf_test_case "O_flag_syslog_forwarded" "cleanup"
+O_flag_syslog_forwarded_head()
+{
+    atf_set descr "syslog format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_syslog_forwarded_body()
+{
+    local format="syslog"
+    local logfile="${PWD}/${format}_forwarded.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_check -s exit:0 -o match:"${REGEX_RFC5424_LOGFILE}" cat "${logfile}"
+    atf_check -s exit:0 -e ignore -o match:"${REGEX_RFC5424_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_syslog_forwarded_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+atf_test_case "O_flag_rfc5424_forwarded" "cleanup"
+O_flag_rfc5424_forwarded_head()
+{
+    atf_set descr "rfc5424 format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_rfc5424_forwarded_body()
+{
+    local format="rfc5424"
+    local logfile="${PWD}/${format}_forwarded.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_check -s exit:0 -o match:"${REGEX_RFC5424_LOGFILE}" cat "${logfile}"
+    atf_check -s exit:0 -e ignore -o match:"${REGEX_RFC5424_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_rfc5424_forwarded_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+# Legacy bsd/rfc3164 format tests
+# The legacy syntax was introduced in FreeBSD PR 7055, circa 1998
+atf_test_case "O_flag_bsd_forwarded_legacy" "cleanup"
+O_flag_bsd_forwarded_legacy_head()
+{
+    atf_set descr "legacy bsd format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_bsd_forwarded_legacy_body()
+{
+    local format="bsd"
+    local logfile="${PWD}/${format}_forwarded_legacy.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_check -s exit:0 -o match:"${REGEX_RFC3164_LEGACY_LOGFILE}" \
+        cat "${logfile}"
+    atf_check -s exit:0 -e ignore \
+        -o match:"${REGEX_RFC3164_LEGACY_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_bsd_forwarded_legacy_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+atf_test_case "O_flag_rfc3164_forwarded_legacy" "cleanup"
+O_flag_rfc3164_forwarded_legacy_head()
+{
+    atf_set descr \
+        "legacy rfc3164 format test on a forwarded syslog message"
+    set_common_atf_metadata
+}
+O_flag_rfc3164_forwarded_legacy_body()
+{
+    local format="rfc3164"
+    local logfile="${PWD}/${format}_forwarded_legacy.log"
+    local pcapfile="${PWD}/${format}_forwarded.pcap"
+
+    setup_forwarded_format_test "${format}" "${logfile}" "${pcapfile}"
+
+    atf_check -s exit:0 -o match:"${REGEX_RFC3164_LEGACY_LOGFILE}" \
+        cat "${logfile}"
+    atf_check -s exit:0 -e ignore \
+        -o match:"${REGEX_RFC3164_LEGACY_PAYLOAD}" \
+        tcpdump -A -r "${pcapfile}"
+}
+O_flag_rfc3164_forwarded_legacy_cleanup()
+{
+    syslogd_stop_on_ports \
+        "${SERVER_1_PORT}" \
+        "${SERVER_2_PORT}"
+}
+
+atf_init_test_cases()
+{
+    atf_add_test_case "O_flag_bsd_forwarded"
+    atf_add_test_case "O_flag_rfc3164_forwarded"
+    atf_add_test_case "O_flag_syslog_forwarded"
+    atf_add_test_case "O_flag_rfc5424_forwarded"
+
+    atf_add_test_case "O_flag_bsd_forwarded_legacy"
+    atf_add_test_case "O_flag_rfc3164_forwarded_legacy"
+}