====== SSH Syslog ======

===== Medium =====

  ( subtype eq ssh ) and ( severity eq medium )

The client banners in the two sample messages below (SSH-1.5-Nmap-SSH1-Hostkey and SSH-1.5-NmapNSE_1.0) are the ones Nmap's SSH scripts send, so these events usually mean the SSH service was probed by a scanner. The address and banner strings are sample values from one log entry; matching on a shorter substring such as 'Protocol major versions differ' also catches other sources.

  ( eventid eq ssh-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 192.168.1.1: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-Nmap-SSH1-Hostkey.' )
  ( eventid eq ssh-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 192.168.1.1: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-NmapNSE_1.0.' )

===== Informational =====

  ( subtype eq ssh ) and ( severity eq informational )

  ( eventid eq ssh-ciphers-changed ) and ( description contains 'Ciphers set to default for MGMT SSH.' )
  ( eventid eq ssh-ciphers-changed ) and ( description contains 'New ciphers set for MGMT SSH.' )

  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for Mgmt SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for Mgmt SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for Mgmt SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for HA SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for Mgmt SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for Mgmt SSH' )
  ( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for Mgmt SSH' )

  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for Mgmt SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for Mgmt SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for Mgmt SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for HA SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for Mgmt SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for Mgmt SSH' )
  ( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for Mgmt SSH' )