diff --git a/logcheck_ignore b/logcheck_ignore
index aacf874..ff434f9 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -361,7 +361,8 @@
 #Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
 #Apr  7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth]
 #Apr  3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (ok|Bye|Closed due to user request.) \[preauth\]
+#May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect|ok|Bye|Closed due to user request.) \[preauth\]
 
 #Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
@@ -407,9 +408,16 @@
 
 #Aug 16 19:28:06 nada sshd[12135]: Postponed keyboard-interactive/pam for invalid user admin from 75.149.180.141 port 65264 ssh2 [preauth]
 #Aug 16 21:57:30 nada sshd[26976]: Postponed keyboard-interactive/pam for invalid user support from 103.207.36.244 port 59302 ssh2 [preauth]
-\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:  Postponed keyboard-interactive/pam for invalid user support from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive/pam for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [[:digit:]]+ ssh2 \[preauth\]
 
+#Apr 22 14:23:22 nada sshd[19599]: subsystem request for sftp by user petter
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [[:alnum:]]+
 
+#May 28 00:22:32 nada sshd[4355]: input_userauth_request: invalid user oliver\\r [preauth]
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [._[:alnum:]]+(\\\\r)? \[preauth\]
+
+#Apr 21 16:11:24 nada sshd[20234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.94.220.181.95.rev.numer.gy  user=root
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=[.[:alnum:]]+  user=root
 
 #
 # SUHOSIN