From 0566bbe9d1d3a7e93b723bf6349810c7a80145d3 Mon Sep 17 00:00:00 2001
From: Oleg Broytman <phd@phdru.name>
Date: Fri, 24 Dec 2021 15:15:51 +0300
Subject: [PATCH] Feat(logcheck): Update `local-ssh`

---
 playbooks/roles/logcheck/files/ignore.d/local-ssh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/playbooks/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh
index 1dd7bc3..81c6b43 100644
--- a/playbooks/roles/logcheck/files/ignore.d/local-ssh
+++ b/playbooks/roles/logcheck/files/ignore.d/local-ssh
@@ -38,3 +38,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix\(sshd:auth\): bad username
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: ssh_dispatch_run_fatal: Connection from ((authenticating|invalid) user .+)?([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: message authentication code incorrect \[preauth\]
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: warning: can't get client address: Connection reset by peer$
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error: beginning MaxStartups throttling
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: drop connection #[0-9]+ from \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:[0-9]+ on \[([0-9]{1,3}\.){3}[0-9]{1,3}\]:22 past MaxStartups
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: exited MaxStartups throttling
-- 
2.39.2