diff --git a/config/filter.d/ufw-port-scan.conf b/config/filter.d/ufw-port-scan.conf
index 9a6f1189..ace09d8b 100644
--- a/config/filter.d/ufw-port-scan.conf
+++ b/config/filter.d/ufw-port-scan.conf
@@ -11,5 +11,5 @@
 # Author: Michele Bologna https://www.michelebologna.net/
 
 [Definition]
-failregex = .*\[UFW BLOCK\] IN=.* SRC=<HOST>
+failregex = ^\s*\S+ kernel:(?: +\[[^\]]+\])? \[UFW (?:LIMIT )?BLOCK\] (?:\b(?:IN=\w+|OUT=|(?:(?!OUT=|IN=)[A-Z]+=[^ \[]*)+) )*SRC=<ADDR> DST=\S+
 ignoreregex =