FYI, there are some hooks for IDMEF support within Bro itself (see #ifdef USE_IDMEF), but it's not complete. Broccoli doesn't have any IDMEF support, and in fact I don't believe it would be a fit for it to do so - IDMEF is for exchanging alerts, while Broccoli aims for exchanging events and typed values, which are much more general. Vern