On a new machine I am using metalog as my syslog daemon. For some
reason, the daemon does not write the hostname to its logfiles by
default. Because of this (I think), regexes that use the __prefix_line
macro from filter.d/common.conf (currently only sshd) no longer match.
I had a try at the pattern in order to remove the hostname requirement
or better: make it optional, but I had no luck so far. Maybe someone
with more experience could help me out?
Some example lines:
Oct 15 17:00:01 [sshd] Did not receive identification string from
Oct 15 17:00:03 [sshd] Invalid user firebird from 22.214.171.124
Oct 15 17:00:04 [sshd] Invalid user alx from 126.96.36.199
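
One way to make the hostname optional, shown as an added example that is not part of the original post and not fail2ban's own __prefix_line definition. The patterns, the extract_host helper and the hostname-bearing sample line (myhost, 192.0.2.10) are constructed for illustration; the example matches the timestamp itself instead of relying on fail2ban's date handling.

```python
import re
from typing import Optional

# Constructed stand-in patterns, not fail2ban's __prefix_line definition.
TIMESTAMP = r"[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}"
# Optional hostname: one non-space token that does not start with "[",
# so metalog's "[sshd]" tag is never consumed as a hostname.
HOSTNAME = r"(?:(?!\[)\S+\s+)?"
# Daemon tag: metalog writes "[sshd]", classic syslog writes "sshd[pid]:".
DAEMON = r"(?:\[sshd\]|sshd(?:\[\d+\])?:)"
PREFIX = r"^" + TIMESTAMP + r"\s+" + HOSTNAME + DAEMON + r"\s+"

# Anchored at both ends: the captured address is always the final
# "from <ip>" that sshd appends, wherever else "from" appears in the line.
INVALID_USER = re.compile(
    PREFIX + r"Invalid user .* from (?P<host>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def extract_host(line: str) -> Optional[str]:
    """Return the source address of an 'Invalid user' line, or None."""
    match = INVALID_USER.match(line)
    return match.group("host") if match else None


SAMPLE_LINES = [
    # Lines from the post (the first one has no address on the page).
    "Oct 15 17:00:01 [sshd] Did not receive identification string from",
    "Oct 15 17:00:03 [sshd] Invalid user firebird from 22.214.171.124",
    "Oct 15 17:00:04 [sshd] Invalid user alx from 126.96.36.199",
    # Constructed line in the classic format with a hostname and a pid.
    "Oct 15 17:00:05 myhost sshd[1234]: Invalid user alx from 192.0.2.10",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(extract_host(sample), "<-", sample)
```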