FYI, I've put up a very short quickstart on my blog
(http://ossectools.blogspot.com/2011/08/monitoring-ssl-connections-with-bro.html)
on getting Bro up and running for monitoring SSL connections. The
write-up is for Ubuntu, but it should be helpful for anyone just
starting with Bro. I will have follow-up posts on dealing with Bro
output, but this should be enough to get anyone just starting out
something to play with. Thanks again to Seth for all of the help!
I have most of the blog post written for that and even tried to publish it once, but the style sheet on the blog screwed it up. I'll try and post it again soon.
Indeed: I added a small sample of the ssl.log (wraps horribly, but the
reader gets the gist) as well as a few other small edits based on info
from Seth. If others have suggestions or tips for other platforms,
etc., please let me know. I have no problem making this blog post
into something of a wiki for the next few days!