Autopsy User Documentation  4.11.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Install and Configure Solr

A central Solr server is needed to store keyword indexes, and its embedded Zookeeper is used as a coordination service for Autopsy. To install Solr, perform the following steps:

Prerequisites

You will need:

Installation

JRE Installation

  1. JREs are normally installed under "C:\Program Files\Java\jre(version)", so check there to see if you have one installed already. If not, get the installer from the link in the Prerequisites and install it with the default settings.

Solr Installation

The following steps will configure Solr to run using an account that will have access to the network storage.

  1. Run the Bitnami installer, "bitnami-solr-4.10.3-0-windows-installer.exe"
  2. If Windows prompts with User Account Control, click Yes
  3. Follow the prompts through to completion. You do not need to "Learn more about Bitnami cloud hosting" so you can clear the check box.
  4. If you see an error dialog like the following, you may safely ignore it.

    apachebadmessage.PNG

  5. When the installation completes, clear the "Launch Bitnami Apache Solr Stack Now?" checkbox and click Finish.

Solr Configuration

  1. Stop the solrJetty service by pressing Start, typing services.msc, pressing Enter, and locating the solrJetty Windows service. Select the service and press Stop the service. If the service is already stopped and there is no Stop the service available, this is okay.
  2. Edit the "C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat" script. You need administrator permission to change this file. The easiest way around this is to save a copy on the Desktop, edit the Desktop version, and copy the new one back over the top of the old. Windows will ask for permission to overwrite the old file; allow it. You should make the following changes to this file:

    • Add the following options in the line that begins with "C:\Bitnami\solr-4.10.3-0/apache-solr\scripts\prunsrv.exe" :
      • ++JvmOptions=-Dcollection.configName=AutopsyConfig
      • ++JvmOptions=-Dbootstrap_confdir="C:\Bitnami\solr-4.10.3-0\apache-solr\solr\configsets\AutopsyConfig\conf"
      • ++JvmOptions=-DzkRun
    • Replace the path to JavaHome with the path to your 64-bit version of the JRE. If you do not know the path, the correct JavaHome path can be obtained by running the command "where java" from the Windows command line. An example is shown below. The text in yellow is what we are interested in. Do not include the "bin" folder in the path you place into the JavaHome variable. A correct example of the final result will look something like this: –-JavaHome="C:\Program Files\Java\jre1.8.0_111"

      A portion of an updated serviceinstall.bat is shown below, with the changes marked in yellow.

      serviceinstall.PNG


  3. Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\solr\solr.xml" to set the transientCacheSize to the maximum number of cases expected to be open concurrently. If you expect ten concurrent cases, the text to add is <int name="transientCacheSize">10</int>

    The added part is highlighted in yellow below. Ensure that it is inside the <solr> tag as follows:
    transientcache.PNG


  4. Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\resources/log4j.properties" to configure Solr log settings:
    • Increase the log rotation size threshold (log4j.appender.file.MaxFileSize) from 4MB to 100MB.
    • Remove the CONSOLE appender from the log4j.rootLogger line.

      The log file should end up looking like this (modified lines are highlighted in yellow

      log4j.PNG


  5. From an Autopsy installation, copy the folder "C:\Program Files\Autopsy-XXX(current version)\autopsy\solr\solr\configsets" to "C:\Bitnami\solr-4.10.3-0\apache-solr\solr".
  6. From an Autopsy installation, copy the folder "C:\Program Files\Autopsy-XXX(current version)\autopsy\solr\solr\lib" to "C:\Bitnami\solr-4.10.3-0\apache-solr\solr".
  7. From an Autopsy installation, copy the file "C:\Program Files\Autopsy-XXX(current version)\autopsy\solr\solr\zoo.cfg" to "C:\Bitnami\solr-4.10.3-0\apache-solr\solr".
  8. Stop the solrJetty service by pressing Start, typing services.msc, pressing Enter, and locating the solrJetty Windows service. Select the service and press Stop the service. If the service is already stopped and there is no Stop the service available, this is okay.
  9. Start a Windows command prompt as administrator by pressing Start, typing command, right clicking on Command Prompt, and clicking on Run as administrator. Then run the following command to uninstall the solrJetty service:
           cmd /c C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat UNINSTALL
    
    You will very likely see a result that says "The solrJetty service is not started." This is okay.
    
  10. Start a Windows command prompt as administrator by pressing Start, typing command, right clicking on Command Prompt, and clicking on Run as administrator. Then run the following command to install the solrJetty service:
           cmd /c C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat INSTALL
    

    Note the argument "INSTALL" is case sensitive. Your command prompt should look like the screenshot below. Very likely your command prompt will say "The solrJetty service could not be started." This is okay.

    solrinstall1.PNG


Start Solr

  1. You should be able to see the Solr service in a web browser via the URL http://localhost:8983/solr/#/ as shown in the screenshot below. If you can, you should skip the next step. If you cannot, proceed to the next step.
  2. Press Start, type services.msc, and press Enter. Find solrJetty. If the service is running, press Stop the service, then double click it, and switch to the Log On tab to change the logon credentials to a user who will have access to read and write the primary shared drive. Note that selecting "Local System account" will work only if Solr service and case output folders are on the same machine. Using "Local System account" to run Solr service and having case output folders on a different machine will result in Solr being unable to create index files.
    If the machine is on a domain, the Account Name will be in the form of DOMAINNAME\username as shown in the example below. Note that in the screenshot below, the domain name is DOMAIN and the user name is username. These are just examples, not real values.

    solrinstall2.PNG

    If the machine is on a domain, make sure to select the domain with the mouse by going to the Log On tab, clicking Browse, then clicking Locations and selecting the domain of interest. Then enter the user name desired and press Check Names. When that completes, press OK, type in the password once for each box and press OK. You may see "The user has been granted the log on as a service right."
  3. You should be able to see the Solr service in a web browser via the URL http://localhost:8983/solr/#/ as shown in the screenshot below.

    solrinstall3.PNG


    If the service is appropriately started and you are unable to see the screenshot above, contact your network administrator to open ports in the firewall.

    Warning: The Solr process must have adequate permissions to write data to the main shared storage drive where case output will be stored.


Copyright © 2012-2019 Basis Technology. Generated on Fri Jun 21 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.