From e9202fa0b2805833c9383b154986335df7cbca0e Mon Sep 17 00:00:00 2001
From: jblachly
Date: Thu, 24 Mar 2016 00:43:15 -0400
Subject: [PATCH] Placed failure (illumos) at end of regex
---
 config/filter.d/sshd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 58e9c977..eeb1518e 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -18,7 +18,7 @@ before = common.conf
 _daemon = sshd
-failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failed|failure|error) for .* from ( via \S+)?\s*$
+failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error|failed) for .* from ( via \S+)?\s*$
 ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from \s*$
 ^%(__prefix_line)sFailed \S+ for .*? from (?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$
 ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM \s*$
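Review bot: The reordered alternation `(?:failure|error|failed)` on the new `failregex` line accepts exactly the same log lines as the old `(?:failed|failure|error)`, because each alternative is followed by the literal ` for` and the engine backtracks across alternatives; the change is cosmetic, and the subject says `failure` was placed at the end while the new line puts `failed` last. Since this expression decides which hosts get banned, the illumos `Authentication failure` wording should be pinned by a sample log line in the filter's test logs, and the patch touches only the filter file. A comment above the entry such as `# "failure" is the wording logged by sshd on illumos` would record why the alternative exists. The `.*` before ` from` spans the client-supplied user name, so the trailing `\s*$` anchor on this entry must stay in place in any later edit. The `failregex` value continues beyond the hunk.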