Invalid user doesn't match lines where port is logged

Our ssh is logging those lines:

Mar 21 11:33:45 kenny01 sshd[17475]: Invalid user support from 190.50.238.98 port 32836

This doesn't match, whereas this matches:

Mar 21 11:33:45 kenny01 sshd[17475]: Invalid user support from 190.50.238.98

Looking at the rules it appears this doesn't have a rule (yet). Unfortunately, I don't understand enough about your rule engine to make a proper patch. :(

Specs:

OpenSSH_7.3p1-hpn14v11, OpenSSL 1.0.2j 26 Sep 2016
sshguard from git (640986a29cf280d5ea6e47f41e9f6c956b1ad89f)
Linux eddie 4.4.27-gentoo #1 SMP Fri Oct 28 17:44:50 CEST 2016 x86_64 Intel(R) Xeon(R) CPU E3113 @ 3.00GHz GenuineIntel GNU/Linux
Firewall is netfilter/iptables
/usr/sbin/sshguard -i /var/run/sshguard.pid -l /var/log/auth.log -l /var/log/messages

Comments (2)