diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix index 83ac92e..c82cdb0 100644 --- a/modules/journalwatch.nix +++ b/modules/journalwatch.nix @@ -105,6 +105,12 @@ ''; match = "CONTAINER_NAME = nginx-proxy"; } + { # yodaNas + filters = '' + 127.0.0.1 - - \[\S+ \S+\] "GET \S+ \S+" [0-9]+ [0-9]+ "-" "[^"]" + ''; + match = "CONTAINER_NAME = money.p1st.de"; + } # # IMAGE_NAME @@ -311,6 +317,38 @@ # _SYSTEMD_UNIT # + { # yodaNas + filters = '' + \s*The \S+ (A|AAAA) record points already to \S+ + ''; + match = "_SYSTEMD_UNIT = netcup-dns.service"; + } + + { # yodaNas + filters = '' + pam_unix\(sudo:session\): session opened for user root\(uid=0\) by \(uid=994\) + -+ + Backup Summary \(btrbk command line client, version \S+\) + \s+Date:\s+\S+ \S+ \S+ \S+ \S+ + \s+Config: \S+ + Legend: + \s+=== up-to-date subvolume \(source snapshot\) + \s+\+\+\+ created subvolume \(source snapshot\) + \s+\+\+\+ deleted subvolume + \s+\*\*\* received subvolume \(non-incremental\) + \s+>>> received subvolume \(incremental\) + \s+ + # + # BTRFS subvolume paths + # + /jc-data/\S+ + /mnt/data/\S+/\S+ + \+\+\+ /mnt/data/\S+/\S+ + \+\+\+ /snap/\S+ + ''; + match = "_SYSTEMD_UNIT = btrbk-local-snapshot-ssd.service"; + } + { # yodaHedgehog filters = '' info: OpenSMTPD \S+-portable starting 
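Review bot: The user-agent part of the added money.p1st.de filter, `"[^"]"`, has no quantifier, so it only matches a quoted agent that is exactly one character long and will probably never suppress a real request line; `"[^"]*"` looks like what was intended. Once that is fixed, the pattern drops every GET from 127.0.0.1 regardless of status code. If this container is reached through a local reverse proxy (not visible in the hunk), all proxied clients may log as 127.0.0.1, so 4xx/5xx responses would vanish from the report as well. Restricting the status field, e.g. `"GET \S+ \S+" (2|3)[0-9][0-9] [0-9]+`, keeps error responses visible.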
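Review bot: The first line of the new btrbk filter hard-codes `by \(uid=994\)`, and nothing in the hunk says which account that is. It looks like an auto-allocated system uid, so it may differ on another host or after a rebuild, and a reader cannot tell whose sudo-to-root sessions are being suppressed. I would add a comment directly above it, such as `# uid 994 = account that runs btrbk on yodaNas (confirm)`. The bare `\s+` entry would also benefit from a short comment saying it is meant for the whitespace-only lines of the summary output.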
@@ -332,13 +370,14 @@ { # yodaYoga, yodaNas filters = '' Accepted publickey for root from \S+ port \S+ ssh2: RSA SHA256:\S+ - pam_unix\(sshd:session\): session opened for user root\(uid=0\) by \(uid=0\) + pam_unix\(sshd:session\): session opened for user \S+ by \S+ Received disconnect from \S+ port \S+:11: disconnected by user - Disconnected from user root \S+ port \S+ - pam_unix\(sshd:session\): session closed for user root + Disconnected from user \S+ \S+ port \S+ + pam_unix\(sshd:session\): session closed for user \S+ # # Somebody evil ... # + Connection closed by \S+ port 36200 \[preauth\] error: kex_exchange_identification: banner line contains invalid characters # error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222" # error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1" @@ -472,6 +511,7 @@ \S+\.(service|scope|slice|mount): Consumed .+ CPU time, no IP traffic\. # Started Logrotate Service\. + logrotate\.service: Deactivated successfully\. Shutting down\. ''; match = "SYSLOG_IDENTIFIER = systemd";
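Review bot: The added `Connection closed by \S+ port 36200 \[preauth\]` pins a single client source port, so it will most likely match only the one log entry it was copied from. Generalising it to `port \S+` would hide every pre-auth disconnect from the report, so decide deliberately between dropping the line and widening it. The rewritten session lines (`session opened for user \S+ by \S+`, `session closed for user \S+`, `Disconnected from user \S+ ...`) now suppress these messages for any account, while the `Accepted publickey for root` line above them still covers root only. If one additional user was intended, naming it, e.g. `(root|USERNAME)`, keeps sessions of unexpected accounts visible. The `match` line of this entry lies outside the hunk, so which unit or identifier these filters apply to cannot be checked here.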