diff --git a/logcheck_ignore b/logcheck_ignore
index b090835..a54e5d6 100644
--- a/logcheck_ignore
+++ b/logcheck_ignore
@@ -1,3 +1,19 @@
+#
+# AUTH
+#
+# Mar 10 21:31:03 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=katarina rhost=66.23.226.92 user=katarina
+# Mar 8 18:05:09 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredrik uid=0 euid=0 tty=dovecot ruser=fredrik rhost=::1
+# Mar 23 19:49:48 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=petter@lidberg.se uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
+# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
+# Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
+# Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\(dovecot:auth\): authentication failure\; logname=([-.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=dovecot ruser=[-.@[:alnum:]]+ rhost=[.:[:xdigit:]]+
+
+# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown
+
+
+
 #
 # CLAMAV
 #
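Review bot: The new auth rule ignores every `pam_(krb5|unix)(dovecot:auth): authentication failure` line for any ruser and any rhost, so repeated password failures against IMAP/POP from outside (the sample lines themselves show three distinct external rhosts) are suppressed together with the benign local ones, and the `check pass; user unknown` rule below it drops the one line that records attempts against accounts that do not exist. If the goal is to silence only the local or known-noisy cases, narrowing the host part keeps the rest reportable, e.g. `rhost=(::1|127\.0\.0\.1)` in place of `rhost=[.:[:xdigit:]]+`, and a comment stating why these are considered noise on this host would help the next reader. The first sample line ends in ` user=katarina` and only matches because the pattern is not end-anchored; worth a comment if that is intended.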
@@ -113,6 +129,16 @@
 #Mar 22 13:03:22 kvarnen dovecot: pop3-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=218.29.231.21, lip=95.170.86.14, session=
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: pop3-login: (Disconnected|Aborted login) \(tried to use disallowed plaintext auth\): user=<>, rip=[.:[:digit:]]+, lip=[.:[:digit:]]+, session=<[+/[:alnum:]]+>
+#Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/sent-mail
+#Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Trash
+#Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Drafts
+#Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/mormors 100-&AOU-rsdag
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([[:alnum:]]+\): Warning: Subscriptions file [/[:alnum:]]+: Removing invalid entry:
+
+#Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: pop3\([[:alnum:]]+\): Connection closed top=[/[:digit:]]+, retr=[/[:digit:]]+, del=[/[:digit:]]+, size=[[:digit:]]+
+
+
 #
 # MONIT
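Review bot: `imap\([[:alnum:]]+\)` and `pop3\([[:alnum:]]+\)` in the two new regexes only accept usernames made of letters and digits, whereas the auth rule in this same file allows `[-.@[:alnum:]]+` for the same accounts (its samples include `petter@lidberg.se`), so the subscriptions-file and connection-closed lines for such users will still be reported. The same applies to `Subscriptions file [/[:alnum:]]+:` once a home path contains `.` or `-`. Suggest `imap\([-.@[:alnum:]]+\)`, `pop3\([-.@[:alnum:]]+\)` and `Subscriptions file [-./[:alnum:]]+:` so the three rules agree on what a username looks like.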
@@ -120,8 +146,16 @@
 #Mar 10 15:21:02 nada monit[5075]: 'localhost' loadavg(5min) of 2.3 matches resource limit [loadavg(5min)>2.0]
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: 'localhost' loadavg\([[:digit:]]+min\) of [.[:digit:]]+ matches resource limit \[loadavg\([[:digit:]]+min\)>[.[:digit:]]+\]
+#Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
 #Mar 10 15:23:02 nada monit[5075]: 'localhost' 'localhost' loadavg(5min) check succeeded [current loadavg(5min)=1.8]
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: 'localhost' 'localhost' loadavg\([[:digit:]]+min\) check succeeded \[current loadavg\([[:digit:]]+min\)=[.[:digit:]]+\]
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: 'localhost' 'localhost' (loadavg\([[:digit:]]+min\)|cpu wait usage) check succeeded \[current (loadavg\([[:digit:]]+min\)|cpu wait usage)=[%.[:digit:]]+\]
+
+#Mar 27 06:31:18 nada monit[5075]: 'clamav-milter' process PID changed from 26461 to 14050
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: '[-[:alnum:]]+' process PID changed from [[:digit:]]+ to [[:digit:]]+
+
+#Mar 27 06:33:18 nada monit[5075]: 'clamav-milter' process PID has not changed since last cycle
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ monit\[[[:digit:]]+\]: '[-[:alnum:]]+' process PID has not changed since last cycle
+
 #
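Review bot: The `'[-[:alnum:]]+' process PID changed from` rule silences PID changes for every process monit watches, not only the `clamav-milter` case the sample shows, and an unexpected PID change on a daemon that is not supposed to restart (sshd, named, the mail daemons in this file) is exactly the event monit logs this line for. Restricting the rule to the services known to re-exec keeps the others reportable: `'(clamav-milter)' process PID changed from [[:digit:]]+ to [[:digit:]]+`, extended as more are confirmed. The merged check-succeeded regex pairs its two alternations independently, so it also accepts a mixed `loadavg(5min) check succeeded [current cpu wait usage=...]` line; harmless for an ignore rule, but a comment noting the two samples it is meant to cover would make that deliberate.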
@@ -161,6 +195,12 @@
 #Mar 24 02:08:41 nada named[5002]: client 192.42.132.103#45345: notify question section contains no SOA
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: notify question section contains no SOA
+#Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
+
+#Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
+
 #
 # SASLAUTHD
 #
@@ -202,6 +242,17 @@
 #Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\(127.0.0.2\) failed: 1
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): write(Q) returned -1, expected 5: Broken pipe
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): to error state
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): to error state
+# Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): to error state
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: Milter \([[:alnum:]]+\): (to error state|write\(Q\) returned -1, expected 5: Broken pipe)
+
+
+
 #
 # SPAMD
 #
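Review bot: The second named regex hard-codes the validator pointer `@0xb82ba940`, which is a per-process address, so the rule will stop matching after the next named restart; `validating @0x[[:xdigit:]]+:` matches the sample and survives restarts. Both lines being ignored here say that DNSSEC validation of the root is failing (`No DNSKEY RRSIGs found for '.'` alongside `got insecure response; parent indicates it should be secure`), which usually reflects a managed-keys/trust-anchor or clock problem rather than routine noise, so a comment recording why they are treated as benign on this host would help whoever next reads this section. Minor: `./IN` and `'.'` contain unescaped dots; `\./IN` and `'\.'` are what the sample shows.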
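Review bot: `Milter \([[:alnum:]]+\): (to error state|...)` in the sendmail hunk ignores the error-state line for every milter, including `clamav` and `spamassassin`; once a milter is in error state sendmail stops consulting it for that connection and, depending on how the milter's failure handling is configured, may go on delivering the message without that filter, so this line is the log-side evidence that virus/spam scanning was skipped. Suggest keeping the rule for the greylist case and the write failure only, e.g. `Milter \((greylist)\): to error state` as one rule and `Milter \([[:alnum:]]+\): write\(Q\) returned -1, expected [[:digit:]]+: Broken pipe` as the other, so the clamav and spamassassin error-state lines remain reportable. The hard-coded `expected 5` would otherwise also miss the same failure on a different write size.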
@@ -211,6 +262,26 @@
 #Mar 23 13:36:12 nada spamd[3731]: pyzor: check failed: internal error, python traceback seen in response
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: pyzor: check failed: internal error, python traceback seen in response
+#Mar 26 06:57:06 nada spamd[17910]: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server socket setup failed, retry [[:digit:]]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+
+#Mar 26 06:57:15 nada spamd[17910]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+
+#Mar 26 06:57:09 nada spamd[17905]: spamd: server started on port 783/tcp (running version 3.3.2)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server started on port 783/tcp \(running version [.[:digit:]]+\)
+
+#Mar 26 06:57:05 nada spamd[10050]: spamd: server hit by SIGHUP, restarting
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: server hit by SIGHUP, restarting
+
+#Mar 26 06:57:05 nada spamd[10050]: spamd: child [23926] killed successfully: interrupted, signal 2 (0002)
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: child \[[[:digit:]]+\] killed successfully: interrupted, signal 2 \(0002\)
+
+#Mar 26 06:57:05 nada spamd.pid[10050]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd.pid\[[0-9]+\]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
+
+
+
 #
 # SSHD
 #
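Review bot: The second new rule, the un-retried `spamd: could not create INET socket on 127.0.0.1:783: Address already in use` line, is the one I would not ignore: in the sample it is the final message after the retries are exhausted (17910 gives up while 17905 holds the port), and silencing it hides a spamd that never came back after a SIGHUP. The `retry [[:digit:]]:` rule matches only single-digit retries, which means it goes quiet from retry 10 onward; if that is deliberate so a prolonged bind failure surfaces, a comment saying so would help, otherwise `retry [[:digit:]]+:` is what the samples suggest. `spamd.pid\[` also has an unescaped dot; `spamd\.pid\[` matches the sample exactly.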
@@ -225,15 +296,8 @@
 # Mar 8 12:09:30 nada sshd[26267]: Received disconnect from 199.91.135.158: 3: com.jcraft.jsch.JSchException: reject HostKey: 66.23.226.92 [preauth]
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 3: (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException): (reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out) \[preauth\]
-# Mar 10 21:31:03 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=katarina rhost=66.23.226.92 user=katarina
-# Mar 8 18:05:09 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredrik uid=0 euid=0 tty=dovecot ruser=fredrik rhost=::1
-# Mar 23 19:49:48 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=petter@lidberg.se uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
-# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_(krb5|unix)\(dovecot:auth\): authentication failure\; logname=([.@[:alnum:]]+)? uid=[[:digit:]]+ euid=[[:digit:]]+ tty=dovecot ruser=[.@[:alnum:]]+ rhost=[.:[:xdigit:]]+
-
-# Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth: pam_unix\(dovecot:auth\): check pass; user unknown
-
+#Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed
 #Mar 10 11:22:52 kvarnen sshd[12813]: error: PAM: Cannot make/remove an entry for the specified session for illegal user support from 40.76.54.16
 #Mar 14 01:39:26 nada sshd[14346]: error: PAM: Cannot make/remove an entry for the specified session for root from 6e.a0.caa1.ip4.static.sl-reverse.com
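Review bot: `channel [[:digit:]]:` in the new sshd rule accepts only a single-digit channel number, so the same message on a longer-lived session (`channel 12: open failed: ...`) would still be reported; `channel [[:digit:]]+:` matches the sample equally well. This line is sshd refusing a client's channel-open request under the host's policy (the `administratively prohibited` reason), and ignoring it globally drops the only record of which authenticated session asked for something the policy denied, so I would either keep it reportable or document in a comment which client behaviour on kvarnen produces it routinely. The removed auth lines reappear in the new AUTH section at the top of the file, so that part of the hunk is a move, not a deletion.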
diff --git a/testlog b/testlog
index 0c0fc32..ba18eaf 100644
--- a/testlog
+++ b/testlog
@@ -85,4 +85,50 @@
 Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): check pass; user unknown
 Mar 23 19:49:48 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=petter@lidberg.se rhost=187.131.22.215
 Mar 23 19:49:52 nada dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=187.131.22.215, lip=66.23.226.92, TLS, session=
 Mar 24 02:08:41 nada named[5002]: client 192.42.132.103#45345: notify question section contains no SOA
+Mar 24 11:06:17 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
+Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed
+Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/sent-mail
+Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Trash
+Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/Drafts
+Mar 24 13:04:10 nada dovecot: imap(ninnie): Warning: Subscriptions file /home/ninnie/Maildir/subscriptions: Removing invalid entry: mail/mormors 100-&AOU-rsdag
+Mar 24 14:05:39 nada sshd[16936]: Received disconnect from 91.193.74.7: 11: Bye [preauth]
+Mar 24 18:13:26 nada auth: pam_krb5(dovecot:auth): authentication failure; logname=fredmiranda@mc-cabe.com uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
+Mar 24 18:13:26 nada auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=fredmiranda@mc-cabe.com rhost=41.105.13.141
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): write(Q) returned -1, expected 5: Broken pipe
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (greylist): to error state
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): write(Q) returned -1, expected 5: Broken pipe
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (spamassassin): to error state
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): write(Q) returned -1, expected 5: Broken pipe
+Mar 25 05:10:17 nada sm-mta[16638]: u2P0LqlN016638: Milter (clamav): to error state
+Mar 25 19:44:04 nada sshd[20872]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
+Mar 26 06:57:05 nada spamd[10050]: spamd: server hit by SIGHUP, restarting
+Mar 26 06:57:05 nada spamd[10050]: spamd: child [20105] killed successfully: interrupted, signal 2 (0002)
+Mar 26 06:57:05 nada spamd[10050]: spamd: child [23926] killed successfully: interrupted, signal 2 (0002)
+Mar 26 06:57:05 nada spamd.pid[10050]: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --user-config -d --pidfile=/var/run/spamd.pid'
+Mar 26 06:57:06 nada spamd[17910]: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:07 nada spamd[17910]: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:08 nada spamd[17910]: server socket setup failed, retry 3: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:09 nada spamd[17905]: spamd: server started on port 783/tcp (running version 3.3.2)
+Mar 26 06:57:09 nada spamd[17910]: server socket setup failed, retry 4: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:10 nada spamd[17910]: server socket setup failed, retry 5: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:11 nada spamd[17910]: server socket setup failed, retry 6: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:12 nada spamd[17910]: server socket setup failed, retry 7: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:13 nada spamd[17910]: server socket setup failed, retry 8: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:14 nada spamd[17910]: server socket setup failed, retry 9: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 06:57:15 nada spamd[17910]: spamd: could not create INET socket on 127.0.0.1:783: Address already in use
+Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
+Mar 26 17:21:15 kvarnen epmd: epmd: invalid packet size (18245)
+Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
+Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
+Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
+Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
+Mar 26 18:09:14 nada monit[5075]: 'localhost' 'localhost' cpu wait usage check succeeded [current cpu wait usage=0.0%]
+Mar 26 21:45:26 nada named[5002]: validating @0xb82ba940: . NS: got insecure response; parent indicates it should be secure
+Mar 26 21:45:26 nada named[5002]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
+Mar 26 22:10:17 nada dovecot: pop3(ammis): Connection closed top=0/0, retr=29/1819516, del=0/73, size=4433634
+Mar 27 06:31:18 nada monit[5075]: 'clamav-milter' process PID changed from 26461 to 14050
+Mar 27 06:33:18 nada monit[5075]: 'clamav-milter' process PID has not changed since last cycle
+Mar 27 10:28:35 nada sshd[2326]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
+Mar 27 10:28:38 nada sshd[2328]: Received disconnect from 91.193.74.33: 11: Bye [preauth]
+
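Review bot: Four of the added lines are duplicated and out of order — the `monit ... cpu wait usage`, both `named ... 21:45:26` and the `dovecot: pop3(ammis)` entries from Mar 26 18:09–22:10 appear twice, the second copy after the Mar 26 22:10:17 line — which reads as a paste slip rather than intentional test data, and the empty line added at the very end of the hunk should probably go with them. Two added lines have no matching rule anywhere in this diff: `epmd: epmd: invalid packet size (18245)` and the `Received disconnect from 91.193.74.7: 11: Bye [preauth]` form, which the sshd rule in logcheck_ignore only covers for reason code `3:`. If testlog is meant to be fully suppressed after this change they need rules; if they are deliberate negative cases, a marker comment or a separate expected-hits file would make that visible — I cannot tell from this diff which the file intends.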