diff --git a/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch b/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch
new file mode 100644
index 0000000..d9633b5
--- /dev/null
+++ b/SOURCES/rsyslog-8.1911.0-rhbz1944756-large-group.patch
@@ -0,0 +1,49 @@
+diff -up rsyslog-8.1911.0/grammar/rainerscript.c.orig rsyslog-8.1911.0/grammar/rainerscript.c
+--- rsyslog-8.1911.0/grammar/rainerscript.c.orig	2021-04-06 13:43:55.366523373 +0200
++++ rsyslog-8.1911.0/grammar/rainerscript.c	2021-04-06 13:44:40.039239056 +0200
+@@ -905,15 +905,29 @@ static int
+ doGetGID(struct nvlst *valnode, struct cnfparamdescr *param,
+ 	  struct cnfparamvals *val)
+ {
+-	char *cstr;
+-	int r;
+-	struct group *resultBuf;
+-	struct group wrkBuf;
+-	char stringBuf[2048]; /* 2048 has been proven to be large enough */
++        char *cstr;
++        int r;
++        struct group *resultBuf = NULL;
++        struct group wrkBuf;
++        char *stringBuf = NULL;
++        size_t bufSize = 1024;
++        int e;
++
++        cstr = es_str2cstr(valnode->val.d.estr, NULL);
++        do {
++                char *p;
++
++                /* Increase bufsize and try again.*/
++                bufSize *= 2;
++                p = realloc(stringBuf, bufSize);
++                if(!p) {
++                        e = ENOMEM;
++                        break;
++                }
++                stringBuf = p; 
++                e = getgrnam_r(cstr, &wrkBuf, stringBuf, bufSize, &resultBuf);
++        } while(!resultBuf && (e == ERANGE));
+ 
+-	cstr = es_str2cstr(valnode->val.d.estr, NULL);
+-	const int e = getgrnam_r(cstr, &wrkBuf, stringBuf,
+-		sizeof(stringBuf), &resultBuf);
+ 	if(resultBuf == NULL) {
+ 		if(e != 0) {
+ 			LogError(e, RS_RET_ERR, "parameter '%s': error to "
+@@ -929,6 +943,7 @@ doGetGID(struct nvlst *valnode, struct c
+ 		   param->name, (int) resultBuf->gr_gid, cstr);
+ 		r = 1;
+ 	}
++	free(stringBuf);
+ 	free(cstr);
+ 	return r;
+ }
diff --git a/SPECS/rsyslog.spec b/SPECS/rsyslog.spec
index aec3d13..2847707 100644
--- a/SPECS/rsyslog.spec
+++ b/SPECS/rsyslog.spec
@@ -6,7 +6,7 @@
 Summary: Enhanced system logging and kernel message trapping daemon
 Name: rsyslog
 Version: 8.1911.0
-Release: 7%{?dist}
+Release: 7%{?dist}.2
 License: (GPLv3+ and ASL 2.0)
 Group: System Environment/Daemons
 ExcludeArch: i686
@@ -54,6 +54,7 @@ Patch4: rsyslog-8.1911.0-rhbz1659383-config-enabled-error.patch
 Patch5: rsyslog-8.1911.0-rhbz1789675-serialize-crash-race.patch
 Patch6: rsyslog-8.1911.0-rhbz1793569-imfile-file_id.patch
 Patch7: rsyslog-8.1911.0-rhbz1843994-imfile-selinux-symlink-crash.patch
+Patch8: rsyslog-8.1911.0-rhbz1944756-large-group.patch
 
 %package crypto
 Summary: Encryption support
@@ -263,6 +264,7 @@ mv build doc
 %patch5 -p1 -b .serialize-json
 %patch6 -p1 -b .imfile-id
 %patch7 -p1 -b .imfile-selinux-symlink
+%patch8 -p1 -b .large-groups
 
 %build
 %ifarch sparc64
@@ -499,6 +501,10 @@ done
 %{_libdir}/rsyslog/omudpspoof.so
 
 %changelog
+* Tue Apr 06 2021 Attila Lakatos <alakatos@redhat.com> - 8.1911.0-7.2
+- added patch resolving theoretically "too large" groups
+  resolves:rhbz#1944756
+
 * Wed Nov 18 2020 Attila Lakatos <alakatos@redhat.com> - 8.1911.0-7
 - add back rsyslog-udpspoof package
   resolves: rhbz#1869874