diff --git a/logcheck_ignore b/logcheck_ignore
index ff434f9..80ab1f5 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -362,7 +362,8 @@
 #Apr  7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
 #Apr  3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
 #May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect|ok|Bye|Closed due to user request.) \[preauth\]
+#Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect(ed by user)?|ok|Bye|Closed due to user request.) \[preauth\]
 
 #Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
diff --git a/testlog b/testlog
index d5c0d19..47dd291 100644
--- a/testlog
+++ b/testlog
@@ -213,3 +213,4 @@ Jun 25 17:16:28 nada sshd[7066]: input_userauth_request: invalid user secret\\r
 Jun 25 17:26:26 nada sshd[7935]: input_userauth_request: invalid user user\\r [preauth]
 Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
 Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
+Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth]