broctl --help is mysterious


For a newly installed Bro 2.4 beta, issuing "broctl --help" yields the cryptic output:

Error: unable to open database file: /usr/local/bro/spool/state.db


MacOS Mavericks


Vern Paxson
May 17, 2015, 7:18 PM

No, I don't have write access. I had expected that ordinary users can run Bro after it's installed - is that wrong? (In any case, the error message sure is cryptic!)

I installed from source.

Daniel Thayer
May 18, 2015, 7:39 AM

I think the problem is that you need to be superuser to install in /usr/local,
but when you do that then all of the installed files/directories are owned by root.
The user who runs broctl needs write access to the <prefix>/logs and <prefix>/spool
directories. I always run as an ordinary user and I just install to that user's home directory.

Robin Sommer
May 19, 2015, 9:49 AM

@vern: an ordinary user can use "bro", but not necessarily broctl, as that keeps state information. That's generally ok, I think.

@daniel: would be good if "broctl --help" worked for any user, independent of being root and who installed it. That shouldn't be difficult, no? Also, for other commands, could you add a check that makes sure the user running broctl has the right permissions, and give an corresponding error message otherwise?

Vern Paxson
May 24, 2015, 2:17 AM

@robin: yeah, I think that's fine. I just want the error message to be clear!

Daniel Thayer
May 26, 2015, 10:36 PM

This issue is addressed by BIT-1403. I've improved the broctl documentation, improved the SQLite database file error messages, and added "broctl help" output when a user types an unknown command (such as "broctl --help").




Vern Paxson



External issue ID



Fix versions

Affects versions