From 1c0e9aab66c36f48d116187beb125d8dffc4c462 Mon Sep 17 00:00:00 2001
From: someperson
Date: Tue, 16 Sep 2014 14:14:00 -0500
Subject: [PATCH 1/2] Message parameter for syslog is now optional
---
 patterns/linux-syslog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/patterns/linux-syslog b/patterns/linux-syslog
index 81c1f86e..66db80dd 100644
--- a/patterns/linux-syslog
+++ b/patterns/linux-syslog
@@ -6,7 +6,7 @@ SYSLOGPAMSESSION %{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\(%{DA
 CRON_ACTION [A-Z ]+
 CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)
-SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
+SYSLOGLINE %{SYSLOGBASE2} ?%{GREEDYDATA:message}
 # IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
 SYSLOG5424PRI <%{NONNEGINT:syslog5424_pri}>
From bd449e403a07694ec6606a308649cb41d5cfc25c Mon Sep 17 00:00:00 2001
From: someperson
Date: Tue, 16 Sep 2014 14:14:48 -0500
Subject: [PATCH 2/2] Edited PROG pattern to allow for parentheses and spaces
---
 patterns/grok-patterns | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/patterns/grok-patterns b/patterns/grok-patterns
index 37c70487..d29ea628 100755
--- a/patterns/grok-patterns
+++ b/patterns/grok-patterns
@@ -76,7 +76,7 @@ DATESTAMP_EVENTLOG %{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}
 # Syslog Dates: Month Day HH:MM:SS
 SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-PROG (?:[\w._/%-]+)
+PROG (?:[\w._() /%-]+)
 SYSLOGPROG %{PROG:program}(?:\[%{POSINT:pid}\])?
 SYSLOGHOST %{IPORHOST}
 SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>
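Review bot: The `?` in the new SYSLOGLINE line makes only the literal space optional; GREEDYDATA is `.*` in grok-patterns and already matches the empty string, so the practical effect is that a line ending right after `%{SYSLOGBASE2}` now matches with `message` set to an empty string instead of producing a grok parse failure. Consumers that use the parse-failure tag to spot malformed or truncated syslog input will no longer see those lines flagged, so that change in behaviour deserves a note in the pattern file. A one-line comment above the pattern would make the intent explicit, e.g. `# the space before the message is optional so that lines with an empty message still match (message is then "")`. The commit title says "Message parameter", but the field was never mandatory in the regex sense; "separator" would describe the change more accurately.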
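Review bot: Adding a space to the greedy class in the new PROG line removes the only delimiter that previously bounded the program name, so PROG now keeps consuming across spaces until it meets a character outside the class; in any pattern where `%{PROG}` is followed by a space-separated token, that token is captured into `program` (constructed example: `foo bar:` gives program `foo bar`). The `SYSLOGPROG` context line still works because `[` is excluded from the class, so the pid group is still reached, but `(` and `)` are now accepted unbalanced and a trailing space becomes part of the captured value. Detection rules and dashboards that key on an exact `program` value may therefore start to miss or mis-bucket events, and this should at minimum be called out in the pattern file, e.g. `# PROG allows spaces and parentheses; it is greedy, so it must be followed by a character outside the class ([, :) to terminate`. Whether a less greedy alternative (allowing spaces only inside a parenthesised suffix) is preferable depends on the log sources that motivated the change, which the commit does not name.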