diff --git a/files/ssh/etc/filter-syslog/ssh b/files/ssh/etc/filter-syslog/ssh
index b9a38b7c4d7157050bfccc34ec0192229ad9ce4f..c051a2fa4fef9654bf7820cc8feca91cd10dd974 100644
--- a/files/ssh/etc/filter-syslog/ssh
+++ b/files/ssh/etc/filter-syslog/ssh
@@ -65,7 +65,7 @@ sshd: /^Disconnecting: Too many authentication failures for \S+$/
 # Ignore failed logins by IDG, Systems, and other ITS staff.  We all mistype
 # passwords occasionally.
 sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|ktai|laltman|jonrober|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
-sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure; .* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)( |\Z)/
+sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)( |\Z)/
 sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
 sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-f:\d.]+ port \d+ ssh2$/
 sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jonrober|jmcdermo|ktai|laltman|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-z:\d.-]+$/