Book outline

Below's a first shot at a chapter outline. This is clearly not
perfect yet, but let me know what you think. In particular, what's
missing?

Robin

--------- cut -------------------------------------------------------

1. Introduction

   Philosophy (aka "Bro is not Snort")

   Features
   
2. Getting Started

   System Requirements

   Installing Bro

   Running Bro from the Command Line
   
   Using Bro Control

3. Using Bro

   Understanding Bro's Output
      Notices and Alarms
      Activity Logs
      Weird Activity
      
   Customizing Scripts
      Building a Site Policy
      Notice Policy
      Tuning
      
   Standard Policy Files
      <The most important ones>
      
   Behind the Curtain
      Capture Filters
      Dynamic Protocol Detection
      
   Log Rotation and Post-Processing
      
   Active Response
   
   Offline Analysis

   System Tuning

4. Writing Bro Scripts
   
   Language Overview
   
   Event Handlers
   
   State Management

   Inter-Bro Communication
   
   Signatures
   
   Profiling and Debugging

5. Scripting Idioms/Patterns

   TODO: Collect.

6. Bro Control

7. Operating a Bro Cluster

8. Interfacing with the External World

   Broccoli

   Time Machine

9. Bro in Operation

   <Tie things together from an operational perspective>

10. Summary

   Getting More Information
   
   Contributing Back