Autopsy User Documentation  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Install and Configure Solr

A central Solr server is needed to store keyword indexes. To install Solr, perform the following steps:

Prerequisites

You will need:

Installation

JRE Installation

Install the Java JRE if needed. To check whether one is already installed, run "where java" from the command line. If you see output like the results highlighted in yellow in the screenshot below, you have a JRE.

[Screenshot: wherejava.PNG]



If you need the JRE, install it with the default settings.

Solr Installation

The following steps will configure Solr to run using an account that will have access to the network storage.

  1. Run the Bitnami installer, bitnami-solr-4.10.3-0-windows-installer.exe
  2. If Windows prompts with User Account Control, click Yes
  3. Follow the prompts through to completion. You do not need to "Learn more about Bitnami cloud hosting" so you can clear the check box.
  4. If you see an error dialog like the following, you may safely ignore it.

    [Screenshot: apachebadmessage.PNG]

  5. When the installation completes, clear the "Launch Bitnami Apache Solr Stack Now?" checkbox and click Finish.

Solr Configuration

  1. Stop the solrJetty service by pressing Start, typing services.msc, pressing Enter, and locating the solrJetty Windows service. Select the service and press "Stop the service". If the service is already stopped and no "Stop the service" option is available, this is okay.
  2. Edit the C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat script. You need administrator permission to change this file. The easiest way around this is to save a copy on the Desktop, edit the Desktop version, and copy the new one back over the top of the old. Windows will ask for permission to overwrite the old file; allow it. You should make the following changes to this file:

    • Add the following options in the JvmOptions section of the line that begins with "C:\Bitnami\solr-4.10.3-0/apache-solr\scripts\prunsrv.exe" :
      • ++JvmOptions=-Dcollection.configName=AutopsyConfig
      • ++JvmOptions=-Dbootstrap_confdir="C:\Bitnami\solr-4.10.3-0\apache-solr\solr\configsets\AutopsyConfig\conf"
    • Replace the path to JavaHome with the path to your 64-bit version of the JRE. If you do not know the path, you can obtain it by running the command "where java" from the Windows command line. An example is shown below; the text highlighted in yellow is the part we are interested in. Do not include the "bin" folder in the path you place into the JavaHome variable. A correct final result will look something like this: --JavaHome="C:\Program Files\Java\jre1.8.0_45"

      [Screenshot: wherejava.PNG]


      Note that if you get something like the following when running the "where java" command, it is a symbolic link to the Java installation and you need to trace it to the proper folder as explained below.

      [Screenshot: symlinkjava.PNG]

      To trace a symbolic link to the proper folder, use Windows Explorer to navigate to the path shown (C:\ProgramData\Oracle\Java\javapath for the example above), then right click on java.exe and click on Properties. You will see the path you should use in the Target field, shown in the screenshot below. Do not include the "bin" folder in the path you place into the JavaHome variable.

      [Screenshot: javaproperties.PNG]

      A portion of an updated serviceinstall.bat is shown below, with the changes marked in yellow.

      [Screenshot: updatedServiceInstall.PNG]


  3. Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\solr\solr.xml" to set the transientCacheSize to the maximum number of cases expected to be open concurrently. If you expect ten concurrent cases, the text to add is <int name="transientCacheSize">10</int>

    The added part is highlighted in yellow below. Ensure that it is inside the <solr> tag as follows:

    [Screenshot: transientcache.PNG]


  4. Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\resources/log4j.properties" to configure Solr log settings:
    • Increase the log rotation size threshold (log4j.appender.file.MaxFileSize) from 4MB to 100MB.
    • Remove the CONSOLE appender from the log4j.rootLogger line.

      Again, you may have trouble saving the file in its current location. If so, save it to the Desktop and copy the edited file back over the top of the original.

      The log4j.properties file should end up looking like this (modified lines are highlighted in yellow):

      [Screenshot: log4j.PNG]


  5. From an Autopsy installation, copy the folder "C:\Program Files\Autopsy-4.1\autopsy\solr\solr\configsets" to "C:\Bitnami\solr-4.10.3-0\apache-solr\solr".
  6. From an Autopsy installation, copy the folder "C:\Program Files\Autopsy-4.1\autopsy\solr\solr\lib" to "C:\Bitnami\solr-4.10.3-0\apache-solr\solr".
  7. Start a Windows command prompt as administrator by pressing Start, typing command, right clicking on Command Prompt, and clicking on Run as administrator. Then run the following command to install the solrJetty service:

    cmd /c C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat INSTALL

    Note the argument "INSTALL" is case sensitive. Your command prompt should look like the screenshot below. Very likely it will say "The solrJetty service could not be started." This is okay.

    [Screenshot: solrinstall1.PNG]


  8. Press Start, type services.msc, and press Enter. Find solrJetty. If the service is running, press "Stop the service". Then double click the service and switch to the Log On tab to change the logon credentials to a user who will have access to read and write the primary shared drive. Note that selecting "Local System account" will work only if the Solr service and the case output folders are on the same machine. Running the Solr service as "Local System account" while the case output folders are on a different machine will result in Solr being unable to create index files.
    If the machine is on a domain, the Account Name will be in the form of DOMAINNAME\username as shown in the example below. Note that in the screenshot below, the domain name is DOMAIN and the user name is username. These are just examples, not real values.

    [Screenshot: solrinstall2.PNG]

    If the machine is on a domain, make sure to select the domain with the mouse by going to the Log On tab, clicking Browse, then clicking Locations and selecting the domain of interest. Then enter the user name desired and press Check Names. When that completes, press OK, type in the password once for each box and press OK. You may see "The user has been granted the log on as a service right."
  9. You should be able to see the Solr service in a web browser via the URL http://localhost:8983/solr/#/ as shown in the screenshot below.

    [Screenshot: solrinstall3.PNG]

    If the service has started correctly but the page shown in the screenshot above does not load, contact your network administrator to open ports in the firewall.

    Warning: The Solr process must have adequate permissions to write data to the main shared storage drive where case output will be stored.
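
A read-only check of the procedure above, added here as an example and not part of the Autopsy documentation: the PowerShell script re-reads the files edited in steps 2 to 6, the service logon account from step 8 and the URL from step 9. It assumes the paths used on this page and that the Windows service name or display name is solrJetty; run it from an administrator prompt.

```powershell
# Added example: read-only checks for steps 2-9. Paths are the ones used on this page.
$solr = 'C:\Bitnami\solr-4.10.3-0\apache-solr'
$r = [ordered]@{}

# Step 2: serviceinstall.bat has both JvmOptions and a JavaHome that stops above "bin".
$bat = Get-Content "$solr\scripts\serviceinstall.bat" -Raw
$r['JvmOptions configName'] = $bat -match '\+\+JvmOptions=-Dcollection\.configName=AutopsyConfig'
$r['JvmOptions confdir']    = $bat -match '\+\+JvmOptions=-Dbootstrap_confdir='
# A typographic dash pasted in place of "--" fails this match and is reported as CHECK.
$javaHome = if ($bat -match '--JavaHome="([^"]+)"') { $Matches[1] } else { '' }
$r['JavaHome excludes bin'] = $javaHome -and ($javaHome -notmatch '\\bin\\?$')
$r['JavaHome has java.exe'] = $javaHome -and (Test-Path (Join-Path $javaHome 'bin\java.exe'))

# Step 3: transientCacheSize must be a direct child of <solr>.
[xml]$xml = Get-Content "$solr\solr\solr.xml" -Raw
$cache = $xml.SelectSingleNode('/solr/int[@name="transientCacheSize"]')
$r['transientCacheSize set'] = ($null -ne $cache) -and ([int]$cache.InnerText -gt 0)

# Step 4: 100MB rotation threshold, no CONSOLE appender on the rootLogger line.
$log4j = Get-Content "$solr\resources\log4j.properties"
$root  = $log4j | Where-Object { $_ -match '^\s*log4j\.rootLogger\s*=' } | Select-Object -First 1
$r['rootLogger without CONSOLE'] = [bool]$root -and ($root -notmatch 'CONSOLE')
$r['MaxFileSize is 100MB'] = [bool]($log4j -match '^\s*log4j\.appender\.file\.MaxFileSize\s*=\s*100MB\s*$')

# Steps 5 and 6: folders copied from the Autopsy installation.
$r['AutopsyConfig conf present'] = Test-Path "$solr\solr\configsets\AutopsyConfig\conf"
$r['lib present']                = Test-Path "$solr\solr\lib"

# Step 8: logon account. LocalSystem is valid only when case output is on this same machine.
# Assumption: the service is registered under the name or display name solrJetty.
$svc = Get-CimInstance Win32_Service -Filter "Name='solrJetty' OR DisplayName='solrJetty'"
$r['service installed']    = $null -ne $svc
$r['logon not LocalSystem'] = $svc -and ($svc.StartName -ne 'LocalSystem')
if ($svc) { "Service runs as: $($svc.StartName)" }

# Step 9: the Solr admin page answers locally.
try { $code = (Invoke-WebRequest 'http://localhost:8983/solr/' -UseBasicParsing -TimeoutSec 10).StatusCode }
catch { $code = 0 }
$r['Solr answers on 8983'] = $code -eq 200

$r.GetEnumerator() | ForEach-Object { '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' }) }
```

Any line reported as CHECK points back to the step named in the comment above it; the script changes nothing on disk.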


Copyright © 2012-2016 Basis Technology. Generated on Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.