diff --git a/logcheck_ubuntu b/logcheck_ubuntu index 981f849..0e6835e 100644 --- a/logcheck_ubuntu +++ b/logcheck_ubuntu @@ -88,7 +88,9 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: (disconnected by user| \[preauth\]) #Mar 2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983 -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [.:[:digit:]]+ (port [.:[:digit:]]+ )? +#Nov 2 13:26:23 marconi sshd[4249]: Disconnected from user fredrik 66.23.226.92 port 38190 +#Nov 2 13:28:15 marconi sshd[5020]: Disconnected from user fredrik 66.23.226.92 port 39248 +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (user [[:alnum:]]+ )?[.:[:digit:]]+ (port [.:[:digit:]]+ )? #Nov 2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth] #Nov 2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth] @@ -133,7 +135,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [.:[:digit:]]+: DH GEX group out of range \[preauth\] #Nov 2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting authenticating user root [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\] +#Nov 2 13:11:27 marconi sshd[31688]: Disconnecting invalid user admin 114.97.151.158 port 40382: Too many authentication failures [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting (invalid|authenticating) user [[:alnum:]]+ [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\] # # SYSTEMD diff --git a/testlog b/testlog index 241b021..4a0c978 100644 
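Review bot: The added `Disconnected from (user [[:alnum:]]+ )?...` rule in the first hunk has no end anchor, and its trailing `(port [.:[:digit:]]+ )?` group needs a space after the port number that neither new sample line has. The rule therefore matches on the prefix up to the address alone, and anything sshd appends after it is matched as well. Assuming this file is a logcheck ignore list, that suppresses more than the samples show; ending the rule with `[.:[:digit:]]+( port [.:[:digit:]]+)?$` keeps the port optional and limits it to those lines. The removed line had the same shape, so this is inherited rather than introduced by the commit. The collapsed page does not show whether the line carries trailing whitespace.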
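Review bot: In the second hunk, replacing the literal `root` with `[[:alnum:]]+` under the `authenticating` alternative widens the rule further than the new sample needs. The sample is `invalid user admin`, but `(invalid|authenticating) user [[:alnum:]]+` also matches `Too many authentication failures` for any alphanumeric account name that exists on the host. Assuming this file is a logcheck ignore list, repeated failures against a real non-root account would no longer reach the report, and that is usually the case an operator wants to see. A narrower form keeps the old behaviour for root and adds only the invalid-user case: `Disconnecting (invalid user [[:alnum:]]+|authenticating user root) [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\]$`.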
--- a/testlog +++ b/testlog @@ -604,6 +604,9 @@ Nov 2 11:19:59 marconi sshd[20563]: Connection closed by authenticating user ro Nov 2 11:28:15 marconi sshd[23379]: Connection closed by invalid user admin 218.206.69.40 port 2049 [preauth] Nov 2 11:29:01 marconi sshd[23537]: Connection closed by invalid user test 106.247.228.75 port 6920 [preauth] Nov 2 11:55:16 marconi sshd[496]: Connection closed by authenticating user root 112.29.245.145 port 2049 [preauth] +Nov 2 13:11:27 marconi sshd[31688]: Disconnecting invalid user admin 114.97.151.158 port 40382: Too many authentication failures [preauth] +Nov 2 13:26:23 marconi sshd[4249]: Disconnected from user fredrik 66.23.226.92 port 38190 +Nov 2 13:28:15 marconi sshd[5020]: Disconnected from user fredrik 66.23.226.92 port 39248 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...