From bde65467a91accf637a60c2f71b5c93ba7f8a56c Mon Sep 17 00:00:00 2001
From: Pascal Delalande <pdl35@free.fr>
Date: Wed, 20 Mar 2019 21:20:29 +0100
Subject: [PATCH] doc: add ssh protocol in eve log section

---
 doc/userguide/output/eve/eve-json-format.rst | 25 ++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst
index d744083d38..20ecc854a0 100644
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -778,3 +778,28 @@ Example::
       ]
     }
   }
+
+
+Event type: SSH
+----------------
+
+Fields
+~~~~~~
+
+* "proto_version": The protocol version transported with the ssh protocol (1.x, 2.x)
+* "software_version": The software version used by end user
+
+Example of SSH logging:
+
+::
+
+  "ssh": {
+    "client": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     },
+    "server": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     }
+  }