From: Pascal Delalande <pdl35@free.fr>
Date: Wed, 20 Mar 2019 20:20:29 +0000 (+0100)
Subject: doc: add ssh protocol in eve log section
X-Git-Tag: suricata-5.0.0-beta1~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bde65467a91accf637a60c2f71b5c93ba7f8a56c;p=thirdparty%2Fsuricata.git

doc: add ssh protocol in eve log section
---

diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst
index d744083d38..20ecc854a0 100644
--- a/doc/userguide/output/eve/eve-json-format.rst
+++ b/doc/userguide/output/eve/eve-json-format.rst
@@ -778,3 +778,28 @@ Example::
       ]
     }
   }
+
+
+Event type: SSH
+----------------
+
+Fields
+~~~~~~
+
+* "proto_version": The protocol version transported with the ssh protocol (1.x, 2.x)
+* "software_version": The software version used by end user
+
+Example of SSH logging:
+
+::
+
+  "ssh": {
+    "client": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     },
+    "server": {
+        "proto_version": "2.0",
+        "software_version": "OpenSSH_6.7",
+     }
+  }