diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd
index 220fcc8..26e25a3 100644
--- a/logcheck-fw-sshd
+++ b/logcheck-fw-sshd
@@ -28,6 +28,9 @@
 #Apr 2 16:50:49 nada sshd[1363]: Received disconnect from 58.218.199.145: 11: [preauth]
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: (11|13): (User request|disconnect(ed by user)?|ok|Bye|Closed due to user request.)? \[preauth\]
+#Feb 20 17:01:46 nada sshd[32112]: Received disconnect from 82.183.31.32 port 49498:11: cleanup
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [:[:digit:]]+): cleanup
+
 #Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
diff --git a/testlog b/testlog
index 181b4f3..c7e54d3 100644
--- a/testlog
+++ b/testlog
@@ -770,6 +770,7 @@ Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed:
 Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth]
 Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
 Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth]
+Feb 20 17:01:46 nada sshd[32112]: Received disconnect from 82.183.31.32 port 49498:11: cleanup
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden
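Review bot: The pattern added in the logcheck-fw-sshd hunk has no end anchor, and its port group `( port [:[:digit:]]+)` also admits colons, so it absorbs the reason code and matches any line that merely begins with this prefix. If this file is a logcheck ignore list, as the neighbouring rules suggest, that matters because the text after the reason code is the disconnect description supplied by the remote peer, so lines carrying anything after `cleanup`, or any other reason code, would be dropped from the report as well. I would pin the code and close the line: `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+ port [[:digit:]]+:11: cleanup$`. The testlog hunk adds only the sample that should match; a near-miss line that must still be reported (different code, or trailing text after `cleanup`) would make the test guard the tightened rule.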