diff --git a/files/ssh/etc/filter-syslog/ssh b/files/ssh/etc/filter-syslog/ssh
index be19463aa7f0dad548e5b7ec212fcbdd1f035c28..8ef72f8590b39acd9f64802acf743ce243694be2 100644
--- a/files/ssh/etc/filter-syslog/ssh
+++ b/files/ssh/etc/filter-syslog/ssh
@@ -65,11 +65,11 @@ sshd: /^Disconnecting: Too many authentication failures for \S+$/
 
 # Ignore failed logins by IDG, Systems, and other ITS staff.  We all mistype
 # passwords occasionally.
-sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|ktai|laltman|jonrober|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
-sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)( |\Z)/
-sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu)$/
-sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-f:\d.]+ port \d+ ssh2$/
-sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jonrober|jmcdermo|ktai|laltman|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|whm|vdc|xinlei|yuelu) from [a-z:\d.-]+$/
+sshd: /^sshd\(pam_unix\): authentication failure; .* user=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jmcdermo|jcowart|jonrober|ktai|laltman|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|tzakrajs|whm|vdc|xinlei|yuelu)$/
+sshd: /^pam_(unix|krb5)\(sshd:auth\): authentication failure;.* (logname|user)=(adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|tzakrajs|whm|vdc|xinlei|yuelu)( |\Z)/
+sshd: /^PAM \d+ more authentication failures?; .* user=(adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|tzakrajs|whm|vdc|xinlei|yuelu)$/
+sshd: /^Failed (password|gssapi-with-mic|keyboard-interactive/pam) for (adamhl|atayts|bxk|chehk|darrenp1|digant|frobozz|hallk|jcowart|jmcdermo|jonrober|ktai|laltman|martinp|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|tzakrajs|whm|vdc|xinlei|yuelu) from [a-f:\d.]+ port \d+ ssh2$/
+sshd: /^error: PAM: Authentication failure for (adamhl|atayts|bxk|chekh|darrenp1|digant|frobozz|hallk|jcowart|jonrober|jmcdermo|ktai|laltman|meeilee|mgoll|nbfa|pradtke|rra|saracook|sfeng|tzakrajs|whm|vdc|xinlei|yuelu) from [a-z:\d.-]+$/
 
 # Ignore GSS-API failures as root.  This is normally because people try to
 # use their normal credentials for root access.