Re: RFS: bro

On Sat, Jan 16, 2010 at 11:35:51AM +1300, Paul Wise wrote:
> I thought libbroccoli and python-broccoli were part of bro, otherwise
> great. Please check if they are actually needed by bro before creating
> them.

You can /sort of/ think of it this way:
broccoli is to bro as
libcurl  is to apache

you do not need broccoli to run bro, but you need it for:
 * python-broccoli, which is what enables bro-control to talk to bro.
   bro-control will not function without broccoli
 * tm(time machine), which is another daemon I am working on packaging.
   time machine can use the server part of libbroccoli so that bro can connect
   to it in order to request historical data.

I think the right thing to do is have bro suggest or recommend bro-control,
which will pull in the broccoli packages.

for running bro as a tool like tcpdump/tshark it is usable without any of the
other packages.

for running bro as a full blown IDS, especially on a cluster or multicore
system, you need bro-control.  

-- Justin Azoff
-- Security & Network Performance Analyst

