Off-line analysis

If so,
do I first have to make "my own.bro", and then add the "my own.bro" file to
the policy setting in bro.cfg?

What I'm wondering about is how to set up a general IDS off-line test.
In my view, it is not easy to test off-line compared with Snort,
although Bro's performance is better than Snort's. :-)

I would really appreciate it if you could tell me a more specific method for
using Bro in off-line testing.

Best Regards,
Taeshik

> When I try to off-line analysis with -r option, how can I use all Bro
> rules?

The notion of "all Bro rules" is not that well defined. There are a large
number (100+) of policy files in policy/*.bro, some of which are incompatible
with others (for example, print-filter.bro prints the BPF filter being used
and then exits).

That said, here's what we use to run against our internal test suite:
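The actual command from the reply is not included on this page. What follows is an added example written for this thread, not the reply's own invocation and not a script from the Bro project: a small POSIX shell wrapper that selects every script under a policy/ directory except the ones known to be incompatible with a batch run (print-filter.bro, per the reply, prints the BPF filter and exits), optionally appends your own "my own.bro"-style script, and runs `bro -r` over a trace. The assumptions, none of which come from the page, are that the policy directory is passed in as an argument, that Bro accepts script names as positional arguments after `-r trace` (check the usage text of your Bro version), and that output is written into a per-trace working directory.

```shell
#!/bin/sh
# Added example (not the thread's command, not Bro project code).
# Select Bro policy scripts for an off-line run and invoke bro -r on a trace.
#
# Assumptions (not from the mailing-list page):
#   - $1 of run_trace is a pcap, $2 the policy/ directory, $3 an output dir
#   - bro takes script names positionally: bro -r trace script1 script2 ...
#   - extra user scripts (your own .bro) are given as further arguments

# Scripts that must not be part of a batch run. The thread names
# print-filter.bro: it prints the BPF filter and then exits. Extend as needed.
SKIP="print-filter.bro"

# policy_list DIR
# Print the basenames of all *.bro files in DIR that are not in $SKIP,
# one per line and sorted, so every trace is analysed with the same set.
policy_list() {
    dir="$1"
    for f in "$dir"/*.bro; do
        [ -e "$f" ] || continue          # no *.bro files: glob stays literal
        base=$(basename "$f")
        skip=0
        for s in $SKIP; do
            [ "$base" = "$s" ] && skip=1
        done
        [ "$skip" -eq 0 ] && echo "$base"
    done | sort
}

# run_trace TRACE POLICY_DIR OUT_DIR [EXTRA_SCRIPT ...]
# Run bro off-line (-r) over TRACE with the selected scripts plus any
# EXTRA_SCRIPT paths (e.g. your own .bro), working inside OUT_DIR so each
# trace's logs land in their own directory.
run_trace() {
    trace="$1"; policy_dir="$2"; out="$3"
    shift 3
    mkdir -p "$out"
    scripts=$(policy_list "$policy_dir" | sed 's/\.bro$//' | tr '\n' ' ')
    # shellcheck disable=SC2086  # word splitting of $scripts is intended
    (cd "$out" && bro -r "$trace" $scripts "$@")
}
```

Usage: `run_trace /path/to/trace.pcap /path/to/bro/policy out/trace1 /path/to/my-own.bro`. If your Bro build resolves scripts only through its configured policy path rather than positional names, adjust the `bro` line; the selection logic in `policy_list` is independent of that.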