Thanks, Acy. I should really have said "the source IP from the IP datagram" to be more accurate.
That source IP is captured by Kiwi, jamesatloop1. However, that doesn't make it a packet sniffer. Here's a quote from the "Forward to another host" section of the manual:
Normally, the syslog protocol is unable to maintain the original sender's address when forwarding/relaying syslog messages. This is because the sender's address is taken from the received UDP or TCP packet.
The reason for my question was that other (non-IP) filters act on the content of the syslog message. I just wanted to be sure that a source IP, sent as hostname in the content, would not be used as the basis for filtering.
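The distinction discussed above, between the source IP of the received packet and a hostname or IP carried in the message content, shown as an added example that is not part of the original post and not Kiwi's implementation. The function names, the allowed network and the sample messages are constructed assumptions; `peer_ip` stands for the address a receiver gets from `recvfrom()`.

```python
import ipaddress
import re

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except (ValueError, TypeError):
        return False

def classify(peer_ip, payload, allowed_nets):
    """peer_ip: address reported by the transport layer for this datagram.
    payload: raw syslog message bytes. Returns both views side by side."""
    m = RFC3164.match(payload.decode("utf-8", "replace"))
    claimed = m.group("host") if m else None
    peer = ipaddress.ip_address(peer_ip)
    return {
        "peer_ip": peer_ip,
        "claimed_host": claimed,
        # The IP filter decision uses only the packet's source address.
        "ip_filter_pass": any(peer in ipaddress.ip_network(n) for n in allowed_nets),
        # Content names an IP that differs from the packet source: expected
        # for relayed messages, worth a look for hosts that send directly.
        "mismatch": _is_ip(claimed) and ipaddress.ip_address(claimed) != peer,
    }

# Constructed sample input (documentation address ranges).
ALLOWED = ["192.0.2.0/28"]
SAMPLES = [
    ("192.0.2.10", b"<134>Oct 11 22:14:15 fw01 kernel: link up"),
    ("192.0.2.50", b"<134>Oct 11 22:14:15 192.0.2.10 sshd[411]: session opened"),
    ("192.0.2.10", b"<134>Oct 11 22:14:15 192.0.2.10 app: heartbeat"),
]

if __name__ == "__main__":
    for peer, raw in SAMPLES:
        print(classify(peer, raw, ALLOWED))
```
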