Re: [sleuthkit-users] Autopsy 4.2.0 keywords ingest module crashes every time the first time
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy 4.2.0 keywords ingest module crashes every time the first time
|
From: Richard C. <rco...@ba...> - 2016-12-06 14:21:03
|
Thanks! On Tue, Dec 6, 2016 at 4:24 AM, Nanni Bassetti <dig...@gm...> wrote: > Done! :-) > > 2016-12-06 0:38 GMT+01:00 Richard Cordovano <rco...@ba...>: > >> Nanni, I have combed through the logs you sent. The local Solr server >> process appears to be starting normally. However, when Autopsy sends a core >> (index) creation request to the Solr process during case creation, Autopsy >> is unable to connect. It is not clear whether this is because the process >> has shut down shortly after starting, or is just refusing the connection >> request. Then, when you try to run ingest, the keyword search module tries >> to open the core (index) for the case and fails, because it does not exist. >> The module does not start, and when a module does not start, ingest is >> aborted and you get the message to disable the ingest module that would not >> start, in this case the keyword search module. >> >> It looks like you closed Autopsy altogether to get the case to open and >> the ingest to run, which means that the misbehaving Solr process (if it was >> still running) was terminated and a new process was started. Unfortunately, >> this means that the solr.stdout.log file was deleted and recreated, so I >> have no trace of any error messages that the Solr server may have written. >> The interesting thing is that this new Solr process appears to experience >> no unexpected errors, as evidenced by both your success and the >> solr.stdout.log file you sent me. >> >> Are you able to reproduce this problem? If so, here are a few things you >> could do to help me to help you: >> >> - When Autopsy is started, but before you try to open a case, open a >> browser and got to the Solr Admin web page at: >> http://localhost:23232/solr/#. Look to see if there are any error >> messages on the logging page (push the Logging button) and send me a >> screenshot if there are. >> - After you open the case, go back to the Solr Admin page and check to >> see if you can use the Core Selector button to choose the core for the >> case, which will be a core with a name that looks like your case name with >> a time/data stamp suffix. Also, check the logging page again. >> - After you shut down Autopsy, but before you restart, collect a copy of ~/Users/[your >> user name]/AppData/roaming/autopsy/var/log/solr.stdout.log for me. This >> should actually agree with the logging page snapshots from the Solr Admin >> page. >> >> Thanks, >> Richard >> >> >> On Wed, Nov 23, 2016 at 12:39 PM, Nanni Bassetti <dig...@gm...> >> wrote: >> >>> no problem....see the attachment. >>> >>> 2016-11-23 18:20 GMT+01:00 Richard Cordovano <rco...@ba...>: >>> >>>> Nanni, thank you for sending the autopsy logs from the case folder. >>>> Autopsy was failing to connect to the Solr server that it starts up in >>>> jetty on your machine. Will you kindly also send me the entire contents >>>> (all log files) of the ~/Users/[your user name]/AppData/roaming/autopsy/var/log >>>> folder? >>>> >>>> Thanks, >>>> >>>> Richard Cordovano >>>> Autopsy Team Lead >>>> Basis Technology >>>> >>>> On Wed, Nov 23, 2016 at 2:35 AM, Nanni Bassetti <dig...@gm...> >>>> wrote: >>>> >>>>> I tried to run Autopsy 4.2.0 working 2 times directly with 2 pendrives >>>>> and 1 time with an EWF disk image. >>>>> Everytime, after to have create the case, Autopsy said that I must >>>>> disable keyword ingest module, but if I close all and re-run it opening the >>>>> same case, already created, the problem disappeared. >>>>> >>>>> I attach the log file of one test of mine. >>>>> >>>>> -- >>>>> Dott. Nanni Bassetti >>>>> http://www.nannibassetti.com >>>>> CAINE project manager - http://www.caine-live.net >>>>> >>>>> ------------------------------------------------------------ >>>>> ------------------ >>>>> >>>>> _______________________________________________ >>>>> sleuthkit-users mailing list >>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>>> http://www.sleuthkit.org >>>>> >>>>> >>>> >>> >>> >>> -- >>> Dott. Nanni Bassetti >>> http://www.nannibassetti.com >>> CAINE project manager - http://www.caine-live.net >>> >> >> > > > -- > Dott. Nanni Bassetti > http://www.nannibassetti.com > CAINE project manager - http://www.caine-live.net > |
