doc: add ssh protocol in eve log section

diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst
index d744083d38e02407953443ec39cde11af73836d9..20ecc854a0fc4eb6a05564c69284a86c28e76b3a 100644 (file)
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -778,3 +778,28 @@ Example::
       ]
     }
   }
+
+
+Event type: SSH
+----------------
+
+Fields
+~~~~~~
+
+* "proto_version": The protocol version transported with the ssh protocol (1.x, 2.x)
+* "software_version": The software version used by end user
+
+Example of SSH logging:
+
+::
+
+  "ssh": {
+    "client": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     },
+    "server": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     }
+  }