diff --git a/logcompiler/sshd.go b/logcompiler/sshd.go
index bda2cc4..f6d5121 100644
--- a/logcompiler/sshd.go
+++ b/logcompiler/sshd.go
@@ -26,7 +26,8 @@ type SSHDCompiler struct {
 CompilerStruct
 }
-type groked struct {
+// GrokedSSHD map JSON fields to Go struct
+type GrokedSSHD struct {
 SSHMessage string `json:"ssh_message"`
 SyslogPid string `json:"syslog_pid"`
 SyslogHostname string `json:"syslog_hostname"`
@@ -36,7 +37,7 @@ type groked struct {
 SshdInvalidUser string `json:"sshd_invalid_user"`
 }
-var m groked
+var m GrokedSSHD
 // Flush recomputes statistics and recompile HTML output
 // TODO : review after refacto
diff --git a/logcompiler/sshd.txt b/logcompiler/sshd.txt
new file mode 100644
index 0000000..c592869
--- /dev/null
+++ b/logcompiler/sshd.txt
@@ -0,0 +1,4 @@
+{"ssh_message":"Invalid user misp-project from 119.42.175.200","syslog_pid":"28367","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:52:08","sshd_client_ip":"119.42.175.200","syslog_program":"sshd","sshd_invalid_user":"misp-project"}
+{"ssh_message":"Invalid user oracle from 49.212.211.207","syslog_pid":"28372","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:15","sshd_client_ip":"49.212.211.207","syslog_program":"sshd","sshd_invalid_user":"oracle"}
+{"ssh_message":"Invalid user 2019 from 112.78.1.247","syslog_pid":"28381","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:53:57","sshd_client_ip":"112.78.1.247","syslog_program":"sshd","sshd_invalid_user":"2019"}
+{"ssh_message":"Invalid user postgres from 217.182.194.95","syslog_pid":"28435","syslog_hostname":"sigmund","syslog_timestamp":"Feb 27 06:58:11","sshd_client_ip":"217.182.194.95","syslog_program":"sshd","sshd_invalid_user":"postgres"}
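Review bot: The new doc comment on the exported type is not a full sentence and does not say what the type is for; `// GrokedSSHD map JSON fields to Go struct` would read better as `// GrokedSSHD is the JSON-decoded form of one sshd log record; the struct tags name the JSON keys.` Exporting the type also turns the context-line field names into public API, and `SyslogPid` / `SshdInvalidUser` (the latter in the second hunk) do not follow Go initialism casing (`SyslogPID`, `SSHDInvalidUser`); if external callers are the reason for exporting, renaming those fields now is cheaper than after they are depended on. The struct's remaining fields continue past the end of this hunk.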
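Review bot: `var m GrokedSSHD` keeps a single package-level, mutable decode target for every record, so any concurrent use of the compiler would race on it; now that the type is exported and presumably reachable from other packages, that risk grows. The decoding site is outside this hunk, but the usual fix is to make the value local to the function that unmarshals each record (`var rec GrokedSSHD` inside that function) or a field of `SSHDCompiler`, and drop the package variable. A one-letter name at package scope is also hard to search for and easy to shadow, so if it must stay global it deserves a longer name and a comment stating who owns it.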
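Review bot: The sample records use what appear to be routable public addresses (e.g. `119.42.175.200`) and a real-looking hostname, so committing them publishes third-party identifiers in the repository; for fixture data, addresses from the RFC 5737 documentation ranges (`192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`) and a placeholder hostname carry the same test value without that exposure. The file is JSON Lines but carries a `.txt` extension and nothing says where it is consumed; a `.jsonl` extension or a short README line next to it would make its role obvious to the next reader.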