[Bro-Dev] Script reorg proposal

Gregor Maier gregor at icir.org
Mon Aug 1 11:48:23 PDT 2011


I like the idea as well. However, I'm wondering whether it would make 
sense to put the stuff that's loaded by default into a specific policy 
file, e.g., default.bro and load that file by default. This would make 
it easier to selectively remove some parts of the analysis instead of 
having to go from-all-to-nothing. Then we could also just use a single 
(base) directory for all the scripts instead of bro/base and bro/policy 
(which kinda irks me). The default.bro file could actually live in the 
site directory, so it's readily editable for users.

This way users get a nice set of default analyzers and logs and it's 
easy for slightly advanced users to disable some analyzers. I think 
that's important since for a bunch of analyzers or framework features I 
expect it to be a close call whether it should be loaded by default or 
not...


In any case I think it's important to have nice documentation briefly 
describing what each of the policy files or packages does. Basically a 
quick guide to: "if I want X I have to load a,b,c". Don't know whether 
this readily comes out of the new documentation framework or not. Even 
if it does it might make sense to manually structure it thematically. In 
any case the document should link to the generated documentation of the 
individual scripts/packages. Might also be nice if these brief 
descriptions would also make it into the default.bro file as comments.


cu
Gregor
-- 
Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
