Fler justeringar

logcheck_ubuntu

@@ -88,7 +88,9 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: (disconnected by user| \[preauth\])
 
 #Mar  2 13:42:26 marconi sshd[25003]: Disconnected from 155.4.131.66 port 2983
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [.:[:digit:]]+ (port [.:[:digit:]]+ )?
+#Nov  2 13:26:23 marconi sshd[4249]: Disconnected from user fredrik 66.23.226.92 port 38190
+#Nov  2 13:28:15 marconi sshd[5020]: Disconnected from user fredrik 66.23.226.92 port 39248
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (user [[:alnum:]]+ )?[.:[:digit:]]+ (port [.:[:digit:]]+ )?
 
 #Nov  2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
 #Nov  2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
@@ -133,7 +135,8 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from [.:[:digit:]]+ port [.:[:digit:]]+: DH GEX group out of range \[preauth\]
 
 #Nov  2 07:49:45 marconi sshd[30998]: Disconnecting authenticating user root 180.130.191.9 port 45306: Too many authentication failures [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting authenticating user root [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\]
+#Nov  2 13:11:27 marconi sshd[31688]: Disconnecting invalid user admin 114.97.151.158 port 40382: Too many authentication failures [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting (invalid|authenticating) user [[:alnum:]]+ [.:[:digit:]]+ port [.:[:digit:]]+: Too many authentication failures \[preauth\]
 
 #
 # SYSTEMD