question about bro's performance

    1. I see the introduction in bro overview: Bro targets high-speed
(Gbps). I am surprised and doubt it.

These issues are discussed at length in the original Bro paper and also

  H. Dreger, A. Feldmann, V. Paxson, and R. Sommer, Operational
  Experiences with High-Volume Network Intrusion Detection, Proc.
  ACM CCS, October 2004.

available at

    2. I konw bro supports to define signature in regular expression.I
want to konw how does bro support
       regular expressions: by perl or do it yourself.

It has its own implementation, which is essentially the same as the one
used by the "flex" utility (freeware replacement for lex, which I wrote a
long time ago).

    3. Is there realtime alarm function in bro?

Yes. This is a basic question that is also answered in the Bro paper,
as well as in the documentation available from