SSH: filter more

diff --git a/roles/journalwatch/files/patterns b/roles/journalwatch/files/patterns
index ef042a2d07faf3d16cc0a4b0ef737b739759a488..8f2b9f70ba2b3dca137ca441bff372db758a0772 100644 (file)
--- a/roles/journalwatch/files/patterns
+++ b/roles/journalwatch/files/patterns
@@ -60,7 +60,7 @@ SYSLOG_IDENTIFIER = sshd
 error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .*
 error: maximum authentication attempts exceeded for invalid user \w+ from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])?
 pam_unix\(sshd:auth\): check pass; user unknown
 error: Received disconnect from [\da-fA-F.:]+ port \d+:\d+: .*
 error: maximum authentication attempts exceeded for invalid user \w+ from [\da-fA-F.:]+ port \d+ ssh2( \[preauth\])?
 pam_unix\(sshd:auth\): check pass; user unknown

-pam_unix\(sshd:auth\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[\da-fA-F.:]+(  user=root)?
+(pam_unix\(sshd:auth\): authentication failure|PAM \d+ more authentication failures); logname= uid=0 euid=0 tty=ssh ruser= rhost=[\da-fA-F.:]+(  user=root)?

 
 _SYSTEMD_UNIT = bind9.service
 client [\da-fA-F.:]+#\d+ \([\w.-]+\): (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type))
 
 _SYSTEMD_UNIT = bind9.service
 client [\da-fA-F.:]+#\d+ \([\w.-]+\): (zone transfer '[\w.-]+/AXFR/IN' denied|message parsing failed: (bad compression pointer|bad label type))