diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 98b5ceae..316af802 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -14,11 +14,11 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = Authentication failure for .+ from <HOST>(?: port \d+ ssh2)?$
-            Failed [-/\w]+ for .+ from <HOST>(?: port \d+ ssh2)?$
-            ROOT LOGIN REFUSED .+ FROM <HOST>(?: port \d+ ssh2)?$
-            [iI](?:llegal|nvalid) user .+ from <HOST>(?: port \d+ ssh2)?$
-            User .+ from <HOST> not allowed because not listed in AllowUsers$
+failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
+            Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
+            ROOT LOGIN REFUSED.* FROM <HOST>\s*$
+            [iI](?:llegal|nvalid) user .* from <HOST>\s*$
+            User \S+ from <HOST> not allowed because not listed in AllowUsers$
             User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$
 
 # Option:  ignoreregex