Before you compile, you should make sure you have what’s required:
- A Posix-compliant Unix. Linuxes qualify. Mac OS X qualifies, too.
- A decent C compiler. On Linux, gcc 2.x, 3.x or 4.x should be fine. On Mac OS X, you don’t have much of a choice: use the compiler provided with Xcode.
The following list of packages is extremely recommended, although Orchids should compile and work without them:
- Net-SNMP for SNMP event handling. On Mac OS X, this is already installed by default. On Linuxes, use
apt-get install libsnmp-base libsnmp-dev.
- libpcap to fetch information on network packets. On Linuxes, use
apt-get install libpcap0.8 libpcap0.8-dev.
- libxml2 to handle XML-based formats such as IDMEF and IODEF. On Mac OS X, this is already installed by default. On Linuxes, use
apt-get install libxml2 libxml2-dev.
- libprelude, libpreludedb to integrate with Prelude (as a source of alerts) and with Prewikka (as a graphical front-end). On Linuxes, use
apt-get install libpreludedb0 libprelude-dev libpreludedb-dev.
You will also need to following tools:
- Autoconf (on Linuxes,
apt-get install autoconf)
- Bison (on Linuxes,
apt-get install bison)
- Flex (on Linuxes,
apt-get install flex)
On MacOSX, you will also need:
- Xcode; you will most likely need the command line additions, which you get by typing
xcode-select --installin a Terminal window.
- autoconf, automake, and libtool. Install HomeBrew, then type:
brew install autoconf automake libtool
Go to your local svn directory, the one you created when you downloaded the sources.
autoreconf -vfi ./configure make
This should build OrchIDS in the subdirectory
$OHOME/orchids/src). Later, we shall install OrchIDS by typing:
sudo make install
You don’t need the
sudo if you are root, or if you install into some directory you own. Before that, we should perhaps look at some compilation options.
configure script accepts the following specific options, in addition to standard ones:
--enable-dmalloc: Turn on
dmalloc(default is off)
--enable-htmloutput: enable HTML Output (default is on).
--enable-debug: enable debugging (default is off). Will print a lot of messages at runtime.
--enable-gprof: enable profiling through gprof (default is off).
--enable-prelude: compile the prelude module (default is off).
--enable-sendmail: include email sending primitives (default is off).
--enable-xml: compile the xml, IDMEF and IODEF modules (default is off).
--enable-snmptrap: compile the SNMP trap module (default is off).
--with-doxygen: use doxygen (default is yes).
--with-runtime-user: to use as user id for runtime (default is
--enable-preproc: enable preprocessor support (default used to be on). Suppressed for security reasons.
--enable-demo: enable demo mode (default was off). This printed a banner on startup and had a few subtle differences in printing stats. Can still be activated by providing the
-voption (verbose) at startup.
--enable-actmon: enable activity monitor (default is off). This is a small character that rotates (-, \, |, /, -, etc.) on the screen as events come in. Can still be activated by providing the
-moption (monitor) at startup.
--with-gnuplot: use gnuplot (default was yes). Suppressed because OrchIDS no longer has support for reporting graphical info at a prohibitive cost.
--with-graphviz-dot: use GraphViz dot (default was yes). Suppressed because OrchIDS no longer has support for reporting graphical info at a prohibitive cost.
--with-epstopdf: use epstopdf (default was yes). Suppressed because OrchIDS no longer has support for reporting graphical info at a prohibitive cost.
--with-convert: use ImageMagick convert (default was yes). Suppressed because OrchIDS no longer has support for reporting graphical info at a prohibitive cost.
--with-swiprolog: use SWI Prolog and compile the Prolog and Prolog history modules (default was yes). Made obsolete by the new in-memory database primitives.
--enable-pcre: enable Perl-compatible regular expression matching (default was off). Made obsolete by the new proprietary regexp library (which by the way is not Perl-compatible).
--enable-bsm: compile the BSM module (default is on); this is obsolete, the right module that handles BSM is the OpenBSM module.
Now you’ve earned the right to play a bit with Orchids: go to the Getting started with Orchids page.
If you prefer to learn how you can tweak Orchids, and how it works, go to the configuration page.