BF: filter.d/sshd group on md5hex and () for serial needed to be escaped

config/filter.d/sshd.conf

@@ -23,11 +23,11 @@ _daemon = sshd
 # Values:  TEXT
 #
 #
-md5hex = [\da-f]{2}:){15}[\da-f]{2}
+md5hex = ([\da-f]{2}:){15}[\da-f]{2}
 
 failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
             ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
-            ^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .{0,100}|(\S+ ID \S+ (serial \d+) CA )?\S+ (%(md5hex)s(, client user ".{0,100}", client host ".{0,100}")?))?\s*$
+            ^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .{0,100}|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(md5hex)s(, client user ".{0,100}", client host ".{0,100}")?))?\s*$
             ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
             ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
             ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$