diff --git a/logcheck_ubuntu b/logcheck_ubuntu
index b121da7..cc24f2d 100644
--- a/logcheck_ubuntu
+++ b/logcheck_ubuntu
@@ -105,7 +105,9 @@ Feb  5 14:59:07 marconi sshd[21801]: Connection closed by invalid user  0101 5.1
 
 #Nov  2 07:59:27 marconi sshd[1655]: Disconnected from invalid user admin 121.156.90.110 port 46078 [preauth]
 #Nov  2 08:01:51 marconi sshd[3848]: Disconnected from authenticating user root 121.18.238.123 port 47854 [preauth]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (invalid|authenticating) user [[:alnum:]]+ [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
+#Apr  7 17:14:40 marconi sshd[7328]: Disconnected from invalid user ftp_user 91.121.77.149 port 34669 [preauth]
+#Apr  7 16:23:06 marconi sshd[28989]: Disconnected from invalid user wp-user 188.166.216.84 port 59622 [preauth]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from (invalid|authenticating) user [-_[:alnum:]]+ [.:[:digit:]]+ port [[:digit:]]+ \[preauth\]
 
 #Mar  2 17:00:24 marconi sshd[556]: Connection reset by 119.147.115.37 port 1841 [preauth]
 #Mar  2 17:07:35 marconi sshd[2635]: Connection reset by 119.147.115.37 port 1070 [preauth]
diff --git a/testlog b/testlog
index 851bdc1..39903b6 100644
--- a/testlog
+++ b/testlog
@@ -644,7 +644,8 @@ Mar  9 06:51:00 nada spamd[29947]: spamd: server socket closed, type IO::Socket:
 Mar  9 06:51:00 nada spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config: spamd: restarting using '/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid --create-prefs --max-children 5 --helper-home-dir --user-config'
 Mar  9 06:51:02 nada spamd[31055]: zoom: able to use 345/345 'body_0' compiled rules (100%)
 Mar  9 06:51:04 nada spamd[31055]: spamd: server started on IO::Socket::IP [127.0.0.1]:783 (running version 3.4.0)
-
+Apr  7 17:14:40 marconi sshd[7328]: Disconnected from invalid user ftp_user 91.121.77.149 port 34669 [preauth]
+Apr  7 16:23:06 marconi sshd[28989]: Disconnected from invalid user wp-user 188.166.216.84 port 59622 [preauth]
 
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden