diff --git a/files/sudo b/files/sudo
index 07624df..65f44d7 100644
--- a/files/sudo
+++ b/files/sudo
@@ -6,7 +6,10 @@ SUDO_COMMAND COMMAND=%{GREEDYDATA:sudo_command}
 SUDO_USER %{NOTSPACE:sudo_user}
 SUDO_RUNAS USER=%{NOTSPACE:sudo_runas}
-SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : %{SUDO_TTY} ; %{SUDO_PWD} ; %{SUDO_RUNAS} ; %{SUDO_COMMAND}
+# for PUN of Open Ondemand
+SUDO_OOD_PUN COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage %{NOTSPACE:pun_command} -u %{NOTSPACE:pun_user} .*
+
+SUDO_INFO_COMMAND_SUCCESSFUL %{SUDO_USER} : (?:%{SUDO_TTY} ; )?%{SUDO_PWD} ; %{SUDO_RUNAS} ; (?:%{SUDO_OOD_PUN}|%{SUDO_COMMAND})
 SUDO_INFO_PAM_UNIX_SESSION_OPENED pam_unix\(sudo:session\): (?session opened) for user %{NOTSPACE:sudo_runas} by %{SUDO_USER}\(uid=%{NUMBER}\)
 SUDO_INFO_PAM_UNIX_SESSION_CLOSED pam_unix\(sudo:session\): (?session closed) for user %{NOTSPACE:sudo_runas}
diff --git a/tests/data/sudo b/tests/data/sudo
index 2472998..0da8298 100644
--- a/tests/data/sudo
+++ b/tests/data/sudo
@@ -45,4 +45,16 @@ data = [
 "sudo_command": "../../../module/harm/plugin/script/harm_mgr.sh floatIP.sh status active key1=value1; 0 ha2",
 },
 },
+ {
+ "raw": "<85>1 2025-03-18T15:11:22.912566+01:00 ood11 sudo: - sudo: apache : PWD=/ ; USER=root ; COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage pun -u vsc10520 -a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri",
+ "expected": {
+ "@source_host": "ood11",
+ "program": "sudo",
+ "sudo_pwd": "/",
+ "sudo_runas": "root",
+ "sudo_user": "apache",
+ "pun_command": "pun",
+ "pun_user": "vsc10520",
+ },
+ },
 ]
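Review bot: `SUDO_OOD_PUN` ends in a bare `.*`, so for a PUN line the remainder of the command (the `-a https…` argument in the sample) is matched and thrown away, and because the alternation in the new `SUDO_INFO_COMMAND_SUCCESSFUL` tries the PUN branch first, such events get no `sudo_command` field at all; the full command line is the part of a sudo record that audit review and detection rules depend on, and the new case in the tests/data/sudo hunk does not pin what becomes of it. Capture the tail instead of dropping it, e.g. `SUDO_OOD_PUN COMMAND=/opt/ood/nginx_stage/sbin/nginx_stage %{NOTSPACE:pun_command} -u %{NOTSPACE:pun_user} %{GREEDYDATA:pun_args}`, and add the matching `"pun_args": "-a https%3a%2f%2fportal.hpc.vub.be%3a443%2fnginx%2finit%3fredir%3d%24http_x_forwarded_escaped_uri"` expectation to the test case. Note that both the original `.*` and this replacement require a literal space after `pun_user`, so an invocation with no further arguments falls through to the generic `%{SUDO_COMMAND}` branch and receives no `pun_*` fields; if those should be tagged too, make the tail optional with `(?: %{GREEDYDATA:pun_args})?`.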