Orchids modules serve three purposes: input modules obtain data from specific sources, dissection modules parse data into fields, and extension modules extend the Orchids language.
Input modules
textfile: reading from text files, pipes, and local (Unix) TCP sockets
binfile: reading from binary files, pipes, and local (Unix) TCP sockets
bintotext: converting from raw packets to text
udp: reading from UDP Internet sockets
sockunix: reading from local (Unix) UDP sockets
prelude: reading events from the Prelude manager (this is also an extension module, see below)
Dissection modules
auditd: Linux auditd system events
syslog: Linux syslog event system, Cisco logs
openbsm: Open BSM, subsumes Sun BSM and Darwin BSM (Apple Mac OS X)
json: JSON (JavaScript Object Notation)
generic: the generic module, allowing one to define new virtual modules through regular expressions
snmptrap: read SNMP alerts from MIBs
Extension modules
consoles: printing on specific channels
idmef: handling and creating IDMEF alerts
iodef: handling and creating IODEF reports
xml: manipulating XML documents (in particular, IDMEF, IODEF)
metaevent: injecting synthetic events
prelude: sending events to the Prelude manager or to PreWikka (this is also an input module, see above)
sharedvars: sharing values across threads
timeout: setting a timeout
sendmail: sending messages or reports by email