diff --git a/logcheck-fw-sshd b/logcheck-fw-sshd
index 03f7605..220fcc8 100644
--- a/logcheck-fw-sshd
+++ b/logcheck-fw-sshd
@@ -154,7 +154,8 @@
 #Feb 2 03:18:13 nada sshd[22960]: Connection reset by invalid user admin 61.74.183.79 port 61300 [preauth]
 #Feb 2 04:36:04 nada sshd[25211]: Connection reset by invalid user default 220.80.142.228 port 60384 [preauth]
 #Feb 2 06:03:18 nada sshd[27153]: Connection reset by invalid user pi 175.196.231.248 port 53934 [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user ([[:alnum:]]+)? [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
+#Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection reset by invalid user ([-$[:alnum:]]+)? [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
diff --git a/testlog b/testlog
index e21baa0..181b4f3 100644
--- a/testlog
+++ b/testlog
@@ -769,7 +769,7 @@ Feb 2 14:16:36 nada named[11745]: _default: sending trust-anchor-telemetry quer
 Feb 5 01:04:52 nada sshd[26681]: fatal: userauth_pubkey: parse request failed: incomplete message [preauth]
 Feb 5 01:55:57 nada sshd[27887]: error: maximum authentication attempts exceeded for invalid user ec2-user from 183.107.58.230 port 63999 ssh2 [preauth]
 Feb 5 01:55:57 nada sshd[27887]: Disconnecting invalid user ec2-user 183.107.58.230 port 63999: Too many authentication failures [preauth]
-
+Feb 11 23:15:56 nada sshd[24603]: Connection reset by invalid user ec2-user 59.27.78.36 port 61591 [preauth]
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden
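Review bot: The username class `[-$[:alnum:]]` on the new rule line in logcheck-fw-sshd is still an allowlist over a field the remote client chooses, so names containing `_`, `.` or `@` will keep falling through this rule exactly as `ec2-user` did before the change. If this file is a logcheck ignore list (it looks like one), that fails safe, since unmatched lines are reported rather than hidden, but it costs one patch per new character; `([^[:space:]]+)?` would cover them while keeping the rest of the message structure fixed. The address class `[.:[:digit:]]+` on the same line admits `:` but no hex letters, so most IPv6 peers will not match; `[.:[:xdigit:]]+` would. As shown, the pattern also has no trailing `$`, so any text after `\[preauth\]` is accepted; ending it with `\[preauth\]$` keeps the rule to the exact sshd message.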