List of Orchids modules

Orchids modules serve one of three purposes: input modules obtain data from specific sources; dissection modules parse that data into fields; and extension modules extend the Orchids language.

Input modules

  • textfile: reading from text files, pipes, and local (Unix) TCP sockets
  • binfile: reading from binary files, pipes, and local (Unix) TCP sockets
  • bintotext: converting from raw packets to text
  • udp: reading from UDP Internet sockets
  • sockunix: reading from local (Unix) UDP sockets
  • prelude: reading events from the Prelude manager (this is also an extension module, see below)

Dissection modules

  • auditd: Linux auditd system events
  • syslog: Linux syslog event system, Cisco logs
  • openbsm: Open BSM, subsumes Sun BSM and Darwin BSM (Apple Mac OS X)
  • json: JSON (JavaScript Object Notation)
  • generic: the generic module, allowing one to define new virtual modules through regular expressions
  • snmptrap: reading SNMP alerts from MIBs

Extension modules

  • consoles: printing on specific channels
  • idmef: handling and creating IDMEF alerts
  • iodef: handling and creating IODEF reports
  • xml: manipulating XML documents (in particular, IDMEF, IODEF)
  • metaevent: injecting synthetic events
  • prelude: sending events to the Prelude manager or to PreWikka (this is also an input module, see above)
  • sharedvars: sharing values across threads
  • timeout: setting a timeout
  • sendmail: sending messages or reports by email