diff --git a/logcheck_ignore b/logcheck_ignore
index 82e0266..a9457bb 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -423,7 +423,8 @@
 
 #Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
 #Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
-\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive/pam for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
+#Mar  1 09:28:37 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive/pam for( invalid user)? [[:alnum:]]+ from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
 
 #Apr 22 14:23:22 nada sshd[19599]: subsystem request for sftp by user petter
 \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
diff --git a/testlog b/testlog
index 8629201..81358fe 100644
--- a/testlog
+++ b/testlog
@@ -232,3 +232,7 @@ Feb 28 11:10:33 nada sshd[15274]: Disconnecting: Too many authentication failure
 Feb 28 11:29:39 nada sshd[17072]: Disconnecting: Too many authentication failures for admin [preauth]
 Feb 27 16:45:52 nada sshd[2023]: Received disconnect from 74.208.146.17: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
 Feb 28 03:09:57 nada sshd[30462]: Received disconnect from 47.89.188.218: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth]
+Mar  1 09:28:37 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
+Mar  1 09:28:40 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
+Mar  1 09:28:43 nada sshd[4919]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 23516 ssh2 [preauth]
+Mar  1 09:29:01 nada sshd[4939]: Postponed keyboard-interactive/pam for root from 218.65.30.43 port 58713 ssh2 [preauth]