diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd
index 000bdcc..1ec1706 100644
--- a/logcheck-fw-sshd
+++ b/logcheck-fw-sshd
@@ -152,6 +152,21 @@
 \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by [.:[:digit:]]+ port [[:digit:]]+
 #Oct 28 19:58:35 nada sshd[12067]: Connection reset by invalid user 178.73.215.171 port 60178 [preauth]
-\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
+#Feb 2 03:18:13 nada sshd[22960]: Connection reset by invalid user admin 61.74.183.79 port 61300 [preauth]
+#Feb 2 04:36:04 nada sshd[25211]: Connection reset by invalid user default 220.80.142.228 port 60384 [preauth]
+#Feb 2 06:03:18 nada sshd[27153]: Connection reset by invalid user pi 175.196.231.248 port 53934 [preauth]
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user ([[:alnum:]]+)? [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
+
+#Feb 1 17:36:00 nada sshd[11797]: error: beginning MaxStartups throttling
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: beginning MaxStartups throttling
+
+
+
+#Feb 1 17:36:00 nada sshd[11797]: drop connection #8 from [185.187.169.16]:43156 on [66.23.226.92]:22 past MaxStartups
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: drop connection #[[:digit:]] from \[[.:[:digit:]]+\]:[[:digit:]]+ on \[[.:[:digit:]]+\]:22 past MaxStartups
+
+
+#Feb 1 17:38:06 nada sshd[11797]: exited MaxStartups throttling after 00:02:06, 21 connections dropped
+\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: exited MaxStartups throttling after [[:digit:]]+:[[:digit:]]+:[[:digit:]]+, [[:digit:]]+ connections dropped
diff --git a/logcheck_debian b/logcheck_debian
index 725c87d..13a21c2 100644
--- a/logcheck_debian
+++ b/logcheck_debian
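Review bot: The new `drop connection` rule only accepts a single-digit connection number (`#[[:digit:]]`), yet the `exited MaxStartups throttling` sample in the same hunk reports 21 dropped connections, so `#10` and above will never be filtered; it should read `drop connection #[[:digit:]]+ from`. The new `Connection reset by invalid user` rule also no longer matches the Oct 28 example kept directly above it: with `([[:alnum:]]+)? ` the space after the group is mandatory, so a line without a username would need two spaces before the address, and alnum-only excludes names such as `test-user` or `web_admin` (constructed examples). If the username-less form still occurs, move the space into the group and reuse the file's hostname class: `Connection reset by invalid user ([._[:alnum:]-]+ )?[.:[:digit:]]+ port [[:digit:]]+ \[preauth\]`. From a monitoring standpoint the `exited MaxStartups throttling after …, N connections dropped` summary is the one line that says a connection flood happened, so consider leaving that rule out so the event stays visible in the report.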
@@ -276,7 +276,10 @@
 #Mar 30 20:47:04 nada sm-mta[9603]: STARTTLS=client, relay=mail-gw01.fsdata.se., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128
 #Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
 #Mar 9 00:02:06 cocacola sm-mta[30768]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1(.2)?(/SSLv3)?, verify=FAIL, cipher=[-[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN)
+#Feb 1 22:21:52 nada sm-mta[12010]: STARTTLS=client, relay=mx.ilait.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+#Feb 1 14:50:24 nada sm-mta[31372]: STARTTLS=client, relay=mail2.ahrenbecks.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+#Feb 1 15:03:04 nada sm-mta[31865]: STARTTLS=client, relay=mx2.pub.mailpod2-cph3.one.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1(.[[:digit:]])?(\/SSLv3)?, verify=FAIL, cipher=[-_[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN)
 #Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\(127.0.0.2\) failed: 1
diff --git a/testlog b/testlog
index ca092b1..00f82c5 100644
--- a/testlog
+++ b/testlog
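Review bot: In the rewritten rule `version=TLSv1(.[[:digit:]])?` the dot is unescaped and matches any character; the removed line had the same weakness in `(.2)?`, but since the group is being changed anyway it should become `(\.[[:digit:]])?` so only a real version string such as `TLSv1.3` is accepted. The new `\/` in `(\/SSLv3)?` is an escape POSIX ERE leaves undefined (GNU grep appears to treat it as a literal slash); the removed rule's plain `/` was correct and `(/SSLv3)?` is the portable spelling. Since this rule keeps silencing `verify=FAIL` on outbound STARTTLS and now covers TLS 1.3 as well, a one-line comment above it would help the next reader, e.g. `# verify=FAIL on outbound STARTTLS is opportunistic TLS without a trusted peer cert; intentionally ignored`.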
@@ -733,6 +733,19 @@ Feb 5 10:57:28 nada sshd[10568]: error: kex protocol error: type 30 seq 1 [prea
 Feb 4 12:47:13 nada sshd[8428]: error: kex_exchange_identification: client sent invalid protocol identifier "0"
 Feb 5 12:34:09 nada opendkim[11209]: 215BY3W7014029: can't parse From: header value ' Administrator'
 Feb 4 21:20:45 nada opendkim[11209]: 214KKdrR021463: syntax error: missing parameter(s) in signature data
+Feb 2 03:18:13 nada sshd[22960]: Connection reset by invalid user admin 61.74.183.79 port 61300 [preauth]
+Feb 2 04:36:04 nada sshd[25211]: Connection reset by invalid user default 220.80.142.228 port 60384 [preauth]
+Feb 2 06:03:18 nada sshd[27153]: Connection reset by invalid user pi 175.196.231.248 port 53934 [preauth]
+Feb 1 22:21:52 nada sm-mta[12010]: STARTTLS=client, relay=mx.ilait.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+Feb 1 14:50:24 nada sm-mta[31372]: STARTTLS=client, relay=mail2.ahrenbecks.se., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+Feb 1 14:52:25 nada sshd[31488]: Connection reset by invalid user admin 220.133.144.131 port 53363 [preauth]
+Feb 1 15:03:04 nada sm-mta[31865]: STARTTLS=client, relay=mx2.pub.mailpod2-cph3.one.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
+Feb 1 17:36:00 nada sshd[11797]: error: beginning MaxStartups throttling
+Feb 1 17:36:00 nada sshd[11797]: drop connection #8 from [185.187.169.16]:43156 on [66.23.226.92]:22 past MaxStartups
+Feb 1 17:38:06 nada sshd[11797]: exited MaxStartups throttling after 00:02:06, 21 connections dropped
+
+
+
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden
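Review bot: The added samples only exercise the easy cases of the new rules: the single `drop connection` line has a one-digit number and every `Connection reset by invalid user` line carries a username, so this fixture would not reveal a rule that stops matching at `#9` or one that no longer matches the username-less form shown in the Oct 28 example in logcheck-fw-sshd. Adding one sample with a two-digit connection number and one without a username would let the test catch both. The three blank lines inserted before the `Aug 23` lines look accidental; unless blank input is deliberately part of the test, drop them.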