Description of problem:
The rule for "failed login" in the ssh section does not match all entries.
This seems to be a side affect of the fix for 139606

Version-Release number of selected component (if applicable):
logwatch-6.0.1-2

How reproducible:
Always

Actual results:
 Failed logins from these:
    admin/password from ::ffff:212.12.131.2: 2 Time(s)
    guest/password from ::ffff:212.12.131.2: 2 Time(s)
    info/password from ::ffff:212.12.131.2: 1 Time(s)

 **Unmatched Entries**
 Failed password for root from ::ffff:212.12.131.2 port 44602 ssh2
 Failed password for mysql from ::ffff:212.12.131.2 port 45302 ssh2
 Failed password for ftp from ::ffff:212.12.131.2 port 54963 ssh2
 Failed password for root from ::ffff:212.12.131.2 port 55265 ssh2
(Some lines snipped)

Expected results:
Failed logins from these:
    admin/password from ::ffff:212.12.131.2: 2 Time(s)
    apache/password from ::ffff:212.12.131.2: 1 Time(s)
    ftp/password from ::ffff:212.12.131.2: 1 Time(s)
    mysql/password from ::ffff:212.12.131.2: 1 Time(s)
    root/password from ::ffff:212.12.131.2: 4 Time(s)
(Some lines snipped)

Additional info:
This patch fixes the rule:

--- ../../scripts.bak/services/sshd     2005-05-19 15:12:12.000000000 +0100
+++ sshd        2005-06-28 20:21:18.000000000 +0100
@@ -112,7 +112,7 @@
       } else {
          $Users{$2}{$3}{"(all)"}++;
       }
-   } elsif ( $ThisLine =~ m/^Failed (\S+) for (invalid user )(\S+) from ([^ ]
+) port (\d+)/ ) { #openssh
+   } elsif ( $ThisLine =~ m/^Failed (\S+) for (invalid user )?(\S+) from ([^ ]
+) port (\d+)/ ) { #openssh
       if ( $Debug >= 5 ) {
          print STDERR "DEBUG: Found -Failed login- line\n";
       }