diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c
index 102d82e1b..817baa203 100644
--- a/modules/syslogformat/syslog-format.c
+++ b/modules/syslogformat/syslog-format.c
@@ -326,6 +326,24 @@ _syslog_format_parse_version(LogMessage *msg, const guchar **data, gint *length)
   return TRUE;
 }
 
+static const gchar program_name_allowed_specials[] = ".-_()/";
+static gsize program_name_allowed_spacial_chars_len = G_N_ELEMENTS(program_name_allowed_specials) - 1;
+
+static inline gboolean
+_validate_program_char(const guchar ch, gboolean *has_alpha)
+{
+  if (isalpha(ch))
+    {
+      *has_alpha = TRUE;
+      return TRUE;
+    }
+  if (isdigit(ch))
+    return TRUE;
+  if (memchr(program_name_allowed_specials, ch, program_name_allowed_spacial_chars_len))
+    return TRUE;
+  return FALSE;
+}
+
 static void
 _syslog_format_parse_legacy_program_name(LogMessage *msg, const guchar **data, gint *length, guint flags)
 {
@@ -336,10 +354,24 @@ _syslog_format_parse_legacy_program_name(LogMessage *msg, const guchar **data, g
   src = *data;
   left = *length;
   prog_start = src;
+  gboolean has_alpha_char = FALSE;
+
   while (left && *src != ' ' && *src != '[' && *src != ':')
     {
+      if (G_UNLIKELY(flags & LP_CHECK_PROGRAM) && !_validate_program_char(*src, &has_alpha_char))
+        {
+          log_msg_set_tag_by_id(msg, LM_T_SYSLOG_RFC_3164_INVALID_PROGRAM);
+          return;
+        }
       _skip_char(&src, &left);
     }
+
+  if (G_UNLIKELY(flags & LP_CHECK_PROGRAM) && !has_alpha_char)
+    {
+      log_msg_set_tag_by_id(msg, LM_T_SYSLOG_RFC_3164_INVALID_PROGRAM);
+      return;
+    }
+
   log_msg_set_value(msg, LM_V_PROGRAM, (gchar *) prog_start, src - prog_start);
   if (left > 0 && *src == '[')
     {