diff --git a/logcheck_ignore b/logcheck_ignore
index 8254c2d..bc9c2f4 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -385,7 +385,10 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_unix\(sshd:auth\): conversation failed
 #May 11 19:13:29 nada sshd[10882]: pam_krb5(sshd:auth): authentication failure; logname=ai_luat uid=0 euid=0 tty=ssh ruser= rhost=218.200.188.213
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_krb5\(sshd:auth\): authentication failure; logname=ai_luat uid=0 euid=0 tty=ssh ruser= rhost=[.:[:digit:]]+
+#May 15 03:18:15 nada sshd[23461]: pam_krb5(sshd:auth): authentication failure; logname=.php uid=0 euid=0 tty=ssh ruser= rhost=59.0.85.43
+#May 27 23:53:37 nada sshd[499]: pam_krb5(sshd:auth): authentication failure; logname=tbs#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
+#May 28 00:22:32 nada sshd[4355]: pam_krb5(sshd:auth): authentication failure; logname=oliver#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: pam_krb5\(sshd:auth\): authentication failure; logname=[.#_[:alnum:]]+ uid=0 euid=0 tty=ssh ruser= rhost=[.:[:digit:]]+
 #Apr 10 20:50:19 nada sshd(pam_google_authenticator)[6490]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\(pam_google_authenticator\)\[[[:digit:]]+\]: Trying to reuse a previously used time-based code. Retry again in 30 seconds. Warning! This might mean, you are currently subject to a man-in-the-middle attack
diff --git a/testlog b/testlog
index f62c124..3ec673f 100644
--- a/testlog
+++ b/testlog
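Review bot: The widened `logname=[.#_[:alnum:]]+` in the new pam_krb5 rule of logcheck_ignore matches almost any account name, so failed Kerberos logins over ssh for existing users are now dropped from the report together with the scanner noise. Nothing in the matched line distinguishes an existing account from an invalid one (only the separate `input_userauth_request: invalid user` line does), and the rule is applied per line, so it cannot tell the two apart. If that trade-off is intended, state it above the rule, for example `# ignores ALL pam_krb5 ssh auth failures, valid accounts included; password guessing is covered by <other alerting>`, and confirm that some rate-based detection still sees these failures. The class also omits `-`, so a hyphenated name would still be reported, which looks unintended given the three sample lines.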
@@ -200,3 +200,10 @@ May 3 16:54:08 nada spamd[18801]: razor2: razor2 check failed: Invalid argument
 May 11 19:13:29 nada sshd[10882]: input_userauth_request: invalid user ai_luat [preauth]
 May 11 19:13:29 nada sshd[10882]: pam_krb5(sshd:auth): authentication failure; logname=ai_luat uid=0 euid=0 tty=ssh ruser= rhost=218.200.188.213
 May 13 16:59:50 kvarnen sshd[21380]: Bad protocol version identification '' from 171.13.14.52 port 59637
+May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
+May 15 03:18:15 nada sshd[23461]: input_userauth_request: invalid user .php [preauth]
+May 15 03:18:15 nada sshd[23461]: pam_krb5(sshd:auth): authentication failure; logname=.php uid=0 euid=0 tty=ssh ruser= rhost=59.0.85.43
+May 27 23:53:37 nada sshd[499]: input_userauth_request: invalid user tbs\\r [preauth]
+May 27 23:53:37 nada sshd[499]: pam_krb5(sshd:auth): authentication failure; logname=tbs#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
+May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
+May 28 00:22:32 nada sshd[4355]: pam_krb5(sshd:auth): authentication failure; logname=oliver#015 uid=0 euid=0 tty=ssh ruser= rhost=58.117.82.210
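Review bot: The added `invalid user .php [preauth]` and `invalid user tbs\\r [preauth]` samples in testlog are not covered by anything this diff changes, since only the pam_krb5 rule was widened. They are ignored only if the existing `input_userauth_request` rule already accepts `.` and a backslash in the user name, which is not visible here, so run testlog against logcheck_ignore before merging. The same applies to the new `Received disconnect from ... [preauth]` line.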