I just installed Bro (on FreeBSD 8.3) and got it up and running. I'm working my way through the docs, and I decided to do the local.bro edit for the Invalid SSL Certs that's described in the docs.
However, when I launched broctl and typed check, I got this: waiting for lock ..................................cannot get lock
I got the same thing when I typed stop as well as diag.
When I started broctl initially, I typed "install" and then "start". Then I closed broctl. Apparently you're supposed to leave broctl running? If so, that seems rather inconvenient.
No, it's not supposed to be running, however it sounds like a previous
run didn't terminate. Did you do the crontab entry as described in the
docs? If so, it could be that the cron job was just running as you
tried to check the config; there can only be one broctl at a time. But
if the problem persists, an earlier broctl process probably hangs;
check with ps and just kill it.
You must use sudo: "sudo broctl check". Followed by rinse, spin (install,
restart).
Unless you're already root.
I am.
I actually avoid running bro as root. I create a bro user, and have it run as that instead. Apart from making sure that <PREFIX> has the right permissions, I just need to set the privileges as mentioned in the documentation[1]:
A Puppet module would be really good. I too run as “bro” and it’s obnoxious because after the beautiful simplicity of “broctl install” to update code for each node, I then have to do a bash loop to SSH in to each node and manually setcap, and only then can I perform the “start.”