diff --git a/recipes/syslog-pri/syslog.conf b/recipes/syslog-pri/syslog.conf
index 315a251..bc2e9f0 100644
--- a/recipes/syslog-pri/syslog.conf
+++ b/recipes/syslog-pri/syslog.conf
@@ -12,7 +12,7 @@ input {
 filter {
 grok {
 type => "syslog"
- pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" ]
+ pattern => [ "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?(:)? %{GREEDYDATA:syslog_message}" ]
 add_field => [ "received_at", "%{@timestamp}" ]
 add_field => [ "received_from", "%{@source_host}" ]
 }
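Review bot: With the colon now optional in the new `pattern` line, the lazy `%{DATA:syslog_program}` ends at the first space. A line that carries no program tag therefore gets its first word stored in `syslog_program` and only the remainder in `syslog_message`. Anything downstream that filters or alerts on `syslog_program` then keys on text taken from the message body, so a comment above the pattern naming the sender format that needs the colon-less form would let a reader judge that trade-off. The optional colon is also written as a capturing group, `(:)?`; `:?` (or `(?::)?`) matches the same input without an unnamed capture. The `filter` block continues outside the hunk.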