Further expand SSH log filters
strugee committed Nov 30, 2017
1 parent 4a17536 commit 1ba2677
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion usr/local/bin/find-interesting-logs
@@ -26,10 +26,14 @@ filter_sshd() {
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: error: maximum authentication attempts exceeded for [[:alnum:]]+ from '"$IP_REGEX"' port [[:digit:]]+ ssh2 \[preauth\]' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from '"$IP_REGEX"' port [[:digit:]]+ ssh2 \[preauth\]' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: error: authentication error for illegal user [[:alnum:]]+ from '"$IP_REGEX"'$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Received disconnect from '"$IP_REGEX"' port [[:digit:]]{4,5}:[[:digit:]]+: disconnected by user$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: error: PAM: authentication error for illegal user [[:alnum:]]+ from '"$IP_REGEX"'$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Received disconnect from '"$IP_REGEX"' port [[:digit:]]{4,5}:[[:digit:]]+: [[:alnum:][:space:]]+$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Disconnected from '"$IP_REGEX"' port [[:digit:]]{4,5}$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Disconnected from '"$IP_REGEX"' port [[:digit:]]{4,5} \[preauth\]$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Disconnecting: Too many authentication failures \[preauth\]$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Connection closed by '"$IP_REGEX"' port [[:digit:]]{4,5} \[preauth\]$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Connection closed by '"$IP_REGEX"' port [[:digit:]]{4,5}$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Did not receive identification string from '"$IP_REGEX"'$' \
| egrep -v 'sshd\[[[:digit:]]{3,7}\]: Accepted publickey for ec2-user from '"$IP_REGEX"' port [[:digit:]]{4,5} ssh2: RSA SHA256:F0gdpVLYxUP8XO2Vq8ouk5UM72bITq9j4w7vi8jIFRw$'
}
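Review bot: the broadened `Received disconnect from ... : [[:alnum:][:space:]]+$` pattern subsumes the narrower `: disconnected by user$` pattern that sits two lines above it, since "disconnected by user" is itself only letters and spaces; if both lines survive this change the narrower one is dead, and if the intent is to keep only the broad one, note that it now silently discards every alphanumeric disconnect reason, not just the user-initiated one, so a reason that would have surfaced before (for example an unexpected server-side reason) is no longer considered interesting. Separately, the `[[:alnum:]]+` username classes in the "maximum authentication attempts exceeded for" and "illegal user" lines do not match account names containing `-` or `_`, and the final line in this hunk filters logins for `ec2-user`, a name with a hyphen, so auth-failure lines for that same account pass straight through these filters; `[[:alnum:]._-]+` would make the username handling consistent across the function. Minor: `egrep` is obsolescent in GNU grep, and `grep -E` is the portable spelling for this chain of filters.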
