Autopsy User Documentation  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Install and Configure Solr

Overview

Autopsy uses Apache Solr to store keyword text indexes. A central server is needed in a multi-user cluster to maintain and search the indexes.

A new text index is created for each case and is stored in the case folder on shared storage (not on the local drive of the Solr server).

Solr's embedded ZooKeeper is also used as a coordination service for Autopsy.

Prerequisites

We use Bitnami Solr, which packages Solr as a Windows service.

You will need:

Installation

JRE Installation

  1. Install the Java JRE if needed. You can test this by running where java from the command line. If you see output similar to the results below, you have a JRE.

    wherejava.PNG


    If you need the JRE, install it with the default settings.

Solr Installation

The following steps will configure Solr to run using an account that will have access to the network storage.

  1. Run the Bitnami installer, "bitnami-solr-4.10.3-0-windows-installer.exe"
  2. If Windows prompts with User Account Control, click Yes
  3. Follow the prompts through to completion. You do not need to "Learn more about Bitnami cloud hosting" so you can clear the check box.
  4. If you see an error dialog like the following, you may safely ignore it.

    apachebadmessage.PNG

  5. When the installation completes, clear the "Launch Bitnami Apache Solr Stack Now?" checkbox and click Finish.

Solr Configuration

  1. Stop the solrJetty service by pressing Start, typing services.msc, pressing Enter, and locating the solrJetty Windows service. Select the service and press Stop the service. If the service is already stopped and there is no Stop the service available, this is okay.
  2. Service Configuration: Edit the "C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat" script. You need administrator rights to change this file. The easiest way around this is to save a copy on the Desktop, edit the Desktop version, and copy the new one back over the top of the old. Windows will ask for permission to overwrite the old file; allow it. You should make the following changes to this file:

    • Add the following options in the line that begins with "C:\Bitnami\solr-4.10.3-0/apache-solr\scripts\prunsrv.exe" :
      • ++JvmOptions=-Dcollection.configName=AutopsyConfig
      • ++JvmOptions=-Dbootstrap_confdir="C:\Bitnami\solr-4.10.3-0\apache-solr\solr\configsets\AutopsyConfig\conf"
      • ++JvmOptions=-DzkRun
    • Replace the path to JavaHome with the path to your 64-bit version of the JRE. If you do not know the path, the correct JavaHome path can be obtained by running the command "where java" from the Windows command line. An example is shown below. The text in yellow is what we are interested in. Do not include the "bin" folder in the path you place into the JavaHome variable. A correct example of the final result will look something like this: –-JavaHome="C:\Program Files\ojdkbuild\java-1.8.0-openjdk-1.8.0.222-1"

      A portion of an updated serviceinstall.bat is shown below, with the changes marked in yellow.

      serviceinstall.PNG


  3. Solr Configuration: Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\solr\solr.xml" to set the transientCacheSize to the maximum number of cases expected to be open concurrently. If you expect ten concurrent cases, the text to add is <int name="transientCacheSize">10</int>

    The added part is highlighted in yellow below. Ensure that it is inside the <solr> tag as follows:
    transientcache.PNG


  4. Log Configuration: Edit "C:\Bitnami\solr-4.10.3-0\apache-solr\resources/log4j.properties" to configure Solr log settings:
    1. Increase the log rotation size threshold (log4j.appender.file.MaxFileSize) from 4MB to 100MB.
    2. Remove the CONSOLE appender from the log4j.rootLogger line.
    3. Add the line "log4j.logger.org.apache.solr.update.processor.LogUpdateProcessor=WARN".
    The log file should end up looking like this (modified lines are highlighted in yellow
log4j.PNG
  1. Schema Configuration: From an Autopsy installation, copy the following into "C:\Bitnami\solr-4.10.3-0\apache-solr\solr":

Reinstall Service

Because we made changes to the service configuration, we need to reinstall it.

  1. Start a Windows command prompt as administrator by pressing Start, typing command, right clicking on Command Prompt, and clicking on Run as administrator. Then run the following command to uninstall the solrJetty service:
           cmd /c C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat UNINSTALL
    
    You will very likely see a result that says "The solrJetty service is not started." This is okay.
    
  2. In the same prompt, run the following command to install the solrJetty service:
            cmd /c C:\Bitnami\solr-4.10.3-0\apache-solr\scripts\serviceinstall.bat INSTALL
    

    Note the argument "INSTALL" is case sensitive. Your command prompt should look like the screenshot below. Very likely your command prompt will say "The solrJetty service could not be started." This is okay.

    solrinstall1.PNG


At this point you should be able to access the Solr admin panel in a web browser via the URL http://localhost:8983/solr/#/

Configure Service User

Back in Pick Your User Accounts, you should have decided what user to run Solr as. To configure Solr to run as that user, you'll use Windows Service Manager.

solrinstall2.PNG

Testing

There are two tests that you should perform to confirm that the Solr machine is configured correctly.

If the service is appropriately started but you are unable to see the screenshot above, then it could be that port 8983 for Solr and port 9983 for ZooKeeper are blocked by your firewall. Contact your network administrator to open these ports.

NOTE: You can not do a full test of permissions until you make a test case after all of the services are configured.

Backing Up

Solr creates two types of data that need to be backed up:


Copyright © 2012-2020 Basis Technology. Generated on Wed Dec 2 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.