This is the broccoli-ruby extension for Ruby which provides access to the Broccoli API. Broccoli is a library for communicating with the Bro Intrusion Detection System.
You can find the latest Broccoli-Ruby release for download at http://www.bro.org/download.
This document describes Broccoli-Ruby 1.60. See the CHANGES file for version history.
To install the extension:
To install the extension as a gem (suggested):
There aren’t really any useful docs yet. Your best bet currently is to read through the examples.
One thing I should mention, however, is that I haven’t done any optimization yet. If you write code that sends or receives extremely large numbers of events, you may find that it won’t run fast enough and will begin to fall behind the Bro server. The dns_requests.rb example is a good performance test if your Bro server is sitting on a network with many DNS lookups.
If you have a question/comment/patch, see the Bro contact page.