From 10fcfb925dde8da606a7e2f841159675528cedb9 Mon Sep 17 00:00:00 2001
From: jamesstout <stoutyhk@gmail.com>
Date: Sun, 21 Apr 2013 07:30:21 +0800
Subject: [PATCH] Extra patterns for Solaris

---
 config/filter.d/sshd.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index e4339c78..2c104073 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -27,11 +27,13 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* fro
             ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
             ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
             ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
+            ^%(__prefix_line)s\[.*\] Failed keyboard-interactive for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
             ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
             ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
             ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
             ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
             ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+            ^%(__prefix_line)s\[.*\] Received disconnect from <HOST>.* Bye\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.