diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 316af802..1a601bd6 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -15,11 +15,11 @@
 # Values: TEXT
 #
 failregex = (?:error: PAM: )?Authentication failure for .* from \s*$
- Failed [-/\w]+ for .* from (?: port \d*)?(?: ssh\d*)?$
+ Failed [-/\w]+ for .* from (?: port \d*)?(?: ssh\d*)?\s*$
 ROOT LOGIN REFUSED.* FROM \s*$
 [iI](?:llegal|nvalid) user .* from \s*$
- User \S+ from not allowed because not listed in AllowUsers$
- User .+ from not allowed because none of user's groups are listed in AllowGroups$
+ User .+ from not allowed because not listed in AllowUsers\s*$
+ User .+ from not allowed because none of user's groups are listed in AllowGroups\s*$
 
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
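Review bot: None of the `failregex` alternatives is anchored at the start of the line, and the AllowUsers pattern's user field is widened here from `\S+` to `.+`, so only the fixed tail before `$` ties a match to an sshd message. If another program writes attacker-influenced text into the same log file, a line ending in that tail could get an address of the writer's choosing banned. Consider starting each alternative with `^` plus the syslog/sshd prefix, for example `^<syslog prefix and sshd tag>User .+ from <HOST> not allowed because not listed in AllowUsers\s*$` (the prefix is a placeholder, and the host tag is not visible in this rendering of the hunk). A comment above `failregex` such as `# trailing \s* tolerates whitespace at the end of the log line` would also record why the end anchors changed.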