--- a/config/filter.d/sshd.conf	Thu Feb 26 00:23:56 2009 -0500
+++ b/config/filter.d/sshd.conf	Thu Feb 26 00:24:59 2009 -0500
@@ -30,7 +30,7 @@
             ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
             ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
             ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
-            ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT\s*$
+            ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT\!\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.