autopsy icon indicating copy to clipboard operation
autopsy copied to clipboard
verified publisher icon sleuthkit

IDLE Ingest on Linux with 4.18

Open PeterPilley opened this issue 4 years ago • 3 comments

Testing between 4.16 - 4.18 on linux

4.16 ingest with device2_mediacard.e01 (image from autopsy certificate).

Ingest happens immediately, processing completes

4.18 ingest same image

Ingest reports IDLE, no reporting present Checks completed

  • Autopsy log
  • Restart
  • change central repository database from POSTGRES to SQLITE.

When connected to POSTGRES I can see the idle connections.

Autopsy Logs shows: 2021-06-28 13:52:44.017 org.sleuthkit.autopsy.ingest.IngestJobPipeline logInfoMessage INFO: Starting first stage analysis (data source = device2_mediacard.e01, objId = 1, pipeline id = 1, ingest job id = 2) 2021-06-28 13:52:44.018 org.sleuthkit.autopsy.ingest.IngestJobPipeline logInfoMessage INFO: Scheduling file level analysis tasks, no first stage data source level analysis configured (data source = device2_mediacard.e01, objId = 1, pipeline id = 1, ingest job id = 2) 2021-06-28 13:52:44.018 org.sleuthkit.autopsy.ingest.IngestJobPipeline logInfoMessage INFO: Finished first stage analysis (data source = device2_mediacard.e01, objId = 1, pipeline id = 1, ingest job id = 2) 2021-06-28 13:52:44.019 org.sleuthkit.autopsy.ingest.IngestJobPipeline logInfoMessage INFO: Finished analysis (data source = device2_mediacard.e01, objId = 1, pipeline id = 1, ingest job id = 2) 2021-06-28 13:52:44.021 org.sleuthkit.autopsy.ingest.IngestManager finishIngestJob

PeterPilley avatar Jun 28 '21 02:06 PeterPilley

Re-Ran same test on a fresh windows install and had different result, ingest is running.

Trying it on a seperate linux machine

PeterPilley avatar Jun 28 '21 03:06 PeterPilley

Consistent result across both machines, error message.

Error initializiung keyword search, local solr server did not respond.

PeterPilley avatar Jun 28 '21 03:06 PeterPilley

Linux cannot open solar self server I succeded to run the server separately with -force command /opt/autopsy/autopsy/solr/bin/autopsy-solr start -p 23232 -force try this and let me know if it's working for you

WARNING: Creating cores as the root user can cause Solr to fail and is not advisable. Exiting. If you started Solr as root (not advisable either), force core creation by adding argument -force

solr cannot run with root permission thats why

yossef-bismart avatar Sep 29 '21 10:09 yossef-bismart