Edgardo,
Doesn't look like your syslog message contains the dec 02 x:x:x like expected from the syslog regex:
Dec 02 15:34:04 2013 hub-pila-0005 %%10SHELL/5/CMD(l):- 1 -task:vt0 ip:10.223.168.132 user:sistemas command:display ver
But just has a year like:
2013 hub-cf50-09f1 %%10SHELL/5/CMD(l):- 1 -task:vt0 ip:10.223.168.132 user:admin command:display ver
Maybe remove the first part of the regex and give it another shot:
^\d{4}\s(?:.*\%%)(?P<component>.*?:)(?:-.*?-)(?P<summary>.*)
Would go this route vs putting a transform in the /unknown event class so lets see if we can get it to work.
--Rob