The Bro Blog

Friday, October 28, 2011

Public Beta of Bro 2.0 Released

We are very excited to announce a public beta of Bro 2.0. For more than a year, we have worked on some of the most substantial changes that Bro has ever seen. We are very pleased with the result, and would like to invite everybody to give it a try at this time so that we can identify and address any quirks that might still remain. The beta version is now available for download.

As the version number jump suggests, this is a major update that looks quite different from previous 1.x versions. Internally, not that much has changed (besides some new functionality, some stale functionality that has been removed, and lots of bugfixes), but at the user level Bro 2.0 looks completely different. We pretty much rewrote all default policy scripts that ship with the distribution, focusing more on operational deployment than in the past. The new Bro does much more out of the box, and it's also quite a bit easier to customize and extend its processing. The one thing you'll probably notice first is the completely overhauled logging output: every log file is now well structured into typed columns that are easily parseable with other tools.

We're still working on further documentation for all the new stuff (and the old stuff as well), but to get you started, there's a new quickstart guide, an upgrade guide for users coming from 1.5, and a number of further documents that focus on areas like reporting, logging, and cluster deployment.

If you give the beta a try, please let us know how it goes. The best way to report any problems you may encounter, or suggest further ideas you have, is the issue tracker.

We emphasize that we do not recommend the beta version for production usage at this time; it is better to wait for the final release for that. Please also note that while a lot of effort went into Bro 2.0, we had to postpone work on some areas to future versions. In particular, this concerns Bro's support for IPv6, which is still mostly at the 1.x state (and thus quite basic and somewhat fragile). Improving that will be a top priority for 2.1.