From 5ebeb3e068978f3706c2640ca5ca7cd06ba32770 Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg <fredrik@wahlberg.se>
Date: Sun, 31 Mar 2024 22:45:07 +0200
Subject: [PATCH] end added

---
 logcheck-fw-sshd | 3 ++-
 testlog          | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd
index 9b71267..fd4d1bd 100644
--- a/logcheck-fw-sshd
+++ b/logcheck-fw-sshd
@@ -19,7 +19,8 @@
 #Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth]
 #Mar 27 21:52:08 nada sshd[31920]: Received disconnect from 212.70.149.150 port 19201:11: Bye [preauth]
 #Mar 27 23:07:45 nada sshd[951]: Received disconnect from 212.70.149.150 port 36664:11: Bye [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )(3|11|13): (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException|User request|Bye)(: )?(reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel)? \[preauth\]
+#Mar 31 08:57:09 nada sshd[32339]: Received disconnect from 185.224.128.34 port 38898:11: end [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )(3|11|13): (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException|User request|Bye|end)(: )?(reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel)? \[preauth\]
 
 #Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
 #Apr  7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
diff --git a/testlog b/testlog
index 4c9d423..7850d2c 100644
--- a/testlog
+++ b/testlog
@@ -786,5 +786,7 @@ Jan 20 19:12:46 nada named[256]: client @0xf20be340 45.148.10.241#23353 (e\003co
 Jan 21 09:45:23 nada sshd[14807]: error: kex_protocol_error: type 20 seq 2 [preauth]
 Mar 27 21:52:08 nada sshd[31920]: Received disconnect from 212.70.149.150 port 19201:11: Bye [preauth]
 Mar 27 23:07:45 nada sshd[951]: Received disconnect from 212.70.149.150 port 36664:11: Bye [preauth]
+Mar 31 08:57:09 nada sshd[32339]: Received disconnect from 185.224.128.34 port 38898:11: end [preauth]
+
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden