Book outline

Below's a first shot at a chapter outline. This is clearly not
perfect yet, but let me know what you think. In particular, what's


--------- cut -------------------------------------------------------

1. Introduction

   Philosophy (aka "Bro is not Snort")

2. Getting Started

   System Requirements

   Installing Bro

   Running Bro from the Command Line
   Using Bro Control

3. Using Bro

   Understanding Bro's Output
      Notices and Alarms
      Activity Logs
      Weird Activity
   Customizing Scripts
      Building a Site Policy
      Notice Policy
   Standard Policy Files
      <The most important ones>
   Behind the Curtain:
      Capture Filters
      Dynamic Protocol Detection
   Log Rotation and Post-Processing
   Active Response
   Offline Analysis

   System Tuning

4. Writing Bro Scripts
   Language Overview
   Event Handlers
   State Management

   Inter-Bro Communication
   Profiling and Debugging

5. Scripting Idioms/Patterns

   TODO: Collect.

6. Bro Control

7. Operating a Bro Cluster

8. Interfacing with the External World


   Time Machine

9. Bro in Operation

   <Tie things together from an operational perspective>

10. Summary

   Getting More Information
   Contributing Back