For what it's worth, I've been attempting to compare snort vs bro for a class
(perhaps like you are) and evidently I'm doing something wrong since I get
dozens of unique alerts (or alarms) in snort, but only 3 unique ones in bro.
I'm sure it is a configuration problem but if anyone wants to volunteer any
suggestions it would be appreciated.
Can you send me an example (perhaps off-line)?
Vern