So,
I have now reinstalled bro completely (from source, there is a dependency issue with libc with the binary install), wiped the nodes clean and rebuilt all directories, established the ssh connections for the bro user. When I go into broctl I still am getting the cannot get lock issue.
I do notice that when I go into /usr/local/bro/spool, I get some files showing up being owned by root, and it doesn’t seem it should be.
drwxr-xr-x 4 bro bro 4096 May 31 11:35 .
drwxr-xr-x 9 bro bro 4096 May 31 11:33 …
-rw-r–r-- 1 root root 82 May 31 11:35 broctl.dat
drwxr-xr-x 2 bro bro 4096 May 31 11:33 scripts
-rw-r–r-- 1 root root 445 May 31 11:35 stats.log
drwxr-xr-x 2 bro bro 4096 May 31 11:33 tmp
James Richards
Office of Security
Wisconsin Department of Administration
608.224.3880