As you kownn, snort works on packet data, while Bro works on connection
data.
Bro also has a signature engine that can read Snort rules, per the
CHANGES file.
I
want to know how to use Bro to save all the connection to dist file.
I don't quite know what you mean. Bro writes connection summaries to
stdout if you load tcp.bro (or the usual load of mt.bro). It also can
write a tcpdump packet trace file if you specify -w file.
Vern