We are very excited to announce a public beta of Bro 2.0. For more
than a year, we have worked on some of the most substantial changes
that Bro has ever seen. We are very pleased with the result, and would
like to invite everybody to give it a try at this time so that we can
identify and address any quirks that might still remain. The beta version
is now available for download.
As the version number jump suggests, this is a major update that looks
quite different from previous 1.x versions. While internally, there’s
actually not that much that has changed—besides some new
functionality, some stale one that’s been removed, and lots of
bugfixes—at the user-level, Bro 2.0 looks completely different.
We pretty much rewrote all default policy scripts that ship with the
distribution, focusing more on operational deployment than in the past.
The new Bro does much more out of the box now, and it’s also
quite a bit easier to customize and extend its processing. The one
thing you’ll probably notice first is the completely overhauled
logging output: every log file is now well structured into typed
columns that are easily parseable with other tools.
We’re still working on further documentation for all the new stuff
(and the old one as well), but to get you started, there’s a new quickstart
guide, an upgrade
guide for users coming from 1.5, and a number of further
documents that focus on areas like reporting, logging, and cluster
deployment.
If you give the beta a try, please let us know how it
goes. The best way to report any problems you may encounter, or suggest further
ideas you have, is the issue
tracker.
We emphasize that we do not recommend the beta version for
production usage at this time; better to wait for the final release
with that. Please also note that while a lot of effort went into Bro
2.0, we had to postpone work on some areas to future
versions. In particular this concerns Bro’s support for IPv6, which is
still mostly at the 1.x state (and thus quiet basic and somewhat
fragile). Improving that will be a top priority for 2.1.