How to use Broccoli to pull events from Bro

Hi Everyone,
We are now using Bro to decode netflow and packets, and we found that it's a pretty good product; it made such a big impression on us. But one thing we find a little troublesome is that the log writer can only write all the network activity into some log files (http.log, conn.log). I went through some documents on www.bro.org and found that it supports DataSeries, ElasticSearch and SQLite databases as extra outputs; unfortunately none of these features match our requirements. However, I found another thing called "Broccoli" that can talk to Bro. I wrote a C program which can send events to Bro and get the events which I defined from Bro. Now I have a question: can I use "Broccoli" to pull the events which look like the lines in the log files (e.g. "conn.log"), or send the content of these logs in some format like Syslog to some server? If anyone knows how to do it, please tell me, because I have been haunted by this question for a long time.
Thank you for your time on my email.

Regards,
Fql

On the Bro side, there is usually an event that corresponds to a given log line, e.g. the “Conn::log_conn” event [1]. On the Broccoli side, there’s a general outline of what needs to be done to receive events at [2], which you should be able to follow to receive events whose parameters correspond to the fields of log files, e.g. “Conn::log_conn” or some other event that you’ve defined yourself in order to pick a subset of the fields that are interesting to you.

- Jon

[1] http://www.bro.org/sphinx-git/scripts/base/protocols/conn/main.bro.html#id-Conn::log_conn
[2] http://www.bro.org/sphinx-git/components/broccoli/broccoli-manual.html#receiving-events
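
The Bro-side half of the approach described in the reply above, as an added example that is not part of the original thread: a script that hooks `Conn::log_conn` and re-raises a smaller custom event that a Broccoli client can register a handler for. It assumes Bro 2.x with the communication framework; the event name `conn_summary`, the node name `broccoli-client`, and the choice of fields are hypothetical.

```bro
# Added example, not from the thread. Assumes Bro 2.x.
@load base/protocols/conn
@load frameworks/communication/listen

# Accept a plaintext connection from a Broccoli client on the local host.
# "broccoli-client" is a hypothetical node name.
redef Communication::nodes += {
	["broccoli-client"] = [$host = 127.0.0.1, $connect = F, $ssl = F]
};

# Hypothetical custom event carrying a subset of the conn.log fields.
# A Broccoli client that registers a handler for "conn_summary"
# receives one event per connection log entry.
global conn_summary: event(ts: time, uid: string,
                           orig_h: addr, orig_p: port,
                           resp_h: addr, resp_p: port,
                           proto: string, duration: interval,
                           orig_bytes: count, resp_bytes: count);

# Conn::log_conn fires once for every record written to conn.log.
event Conn::log_conn(rec: Conn::Info)
	{
	# These fields are optional in Conn::Info, so supply defaults
	# instead of failing on connections that never carried payload.
	local dur = (rec?$duration) ? rec$duration : 0secs;
	local ob = (rec?$orig_bytes) ? rec$orig_bytes : 0;
	local rb = (rec?$resp_bytes) ? rec$resp_bytes : 0;

	event conn_summary(rec$ts, rec$uid,
	                   rec$id$orig_h, rec$id$orig_p,
	                   rec$id$resp_h, rec$id$resp_p,
	                   fmt("%s", rec$proto), dur, ob, rb);
	}
```

Because the listener here is unencrypted (`$ssl = F`), the node entry is limited to 127.0.0.1; a remote collector would need SSL enabled and the port restricted to that host.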

I don't think you want to use Broccoli for this. If you look into the Bro source code, you will see that our log writers are abstracted and you can write your own log writer.

May I ask what your requirements are? Where and how do you want to be able to write logs?

  .Seth