diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd
index d8fd940..03f7605 100644
--- a/logcheck-fw-sshd
+++ b/logcheck-fw-sshd
@@ -173,4 +173,13 @@
 #Feb 2 13:35:21 nada sshd[13048]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 37348: Connection corrupted [preauth]
 #Feb 2 22:47:21 nada sshd[21634]: ssh_dispatch_run_fatal: Connection from 70.114.119.116 port 39346: Connection corrupted [preauth]
 #Jan 31 05:32:36 nada sshd[30890]: ssh_dispatch_run_fatal: Connection from 121.157.157.209 port 63506: message authentication code incorrect [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [[:digit:]]+: (message authentication code incorrect|Connection corrupted) \[preauth\]
\ No newline at end of file
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [[:digit:]]+: (message authentication code incorrect|Connection corrupted) \[preauth\]
+
+#Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed: incomplete message [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: userauth_pubkey: parse request failed: incomplete message \[preauth\]
+
+#Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [-[:alnum:]]+ from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
+
+#Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting invalid user [-[:alnum:]]+ [.:[:digit:]]+ port [[:digit:]]+: Too many authentication failures \[preauth\]
\ No newline at end of file
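Review bot: The two new rules for `error: maximum authentication attempts exceeded for invalid user ...` and `Disconnecting invalid user ... Too many authentication failures` match the one line per source host that sshd emits when a password-guessing run trips MaxAuthTries; if this file is loaded as a logcheck ignore ruleset, adding them removes the only report-level trace of a brute-force attempt, unlike the `ssh_dispatch_run_fatal` and `userauth_pubkey: parse request failed` rules in the same hunk, which cover connection garbage with no authentication content. Either drop those two patterns, or keep them and record the decision next to them in the file's existing comment style, e.g. `# Deliberately suppressed: failed-login counting is done by <TOOL-PLACEHOLDER>`, so the next reader knows the events are tracked elsewhere. Separately, the user-name class `[-[:alnum:]]+` is narrower than the hostname class `[._[:alnum:]-]+` used earlier on the same lines; an attempted name containing `.` or `_` will not match and that line will still be reported, which may or may not be intended.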
diff --git a/testlog b/testlog
index 590f684..e21baa0 100644
--- a/testlog
+++ b/testlog
@@ -766,7 +766,9 @@ Feb 2 13:35:21 nada sshd[13048]: ssh_dispatch_run_fatal: Connection from 69.112
 Feb 2 22:47:21 nada sshd[21634]: ssh_dispatch_run_fatal: Connection from 70.114.119.116 port 39346: Connection corrupted [preauth]
 Jan 31 05:32:36 nada sshd[30890]: ssh_dispatch_run_fatal: Connection from 121.157.157.209 port 63506: message authentication code incorrect [preauth]
 Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry query '_ta-4f66/NULL'
-
+Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed: incomplete message [preauth]
+Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth]
+Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...