diff --git a/patterns/grok-patterns b/patterns/grok-patterns
index 37c70487..d29ea628 100755
--- a/patterns/grok-patterns
+++ b/patterns/grok-patterns
@@ -76,7 +76,7 @@ DATESTAMP_EVENTLOG %{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}
 
 # Syslog Dates: Month Day HH:MM:SS
 SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-PROG (?:[\w._/%-]+)
+PROG (?:[\w._() /%-]+)
 SYSLOGPROG %{PROG:program}(?:\[%{POSINT:pid}\])?
 SYSLOGHOST %{IPORHOST}
 SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>
diff --git a/patterns/linux-syslog b/patterns/linux-syslog
index 81c1f86e..66db80dd 100644
--- a/patterns/linux-syslog
+++ b/patterns/linux-syslog
@@ -6,7 +6,7 @@ SYSLOGPAMSESSION %{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\(%{DA
 CRON_ACTION [A-Z ]+
 CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)
 
-SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
+SYSLOGLINE %{SYSLOGBASE2} ?%{GREEDYDATA:message}
 
 # IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
 SYSLOG5424PRI <%{NONNEGINT:syslog5424_pri}>