The general configuration file of Orchids, orchids.conf, is a list of commands, one per line, of the following form. Lines starting with # are comments.
- MaxMemorySize n: declares the maximum amount of memory that Orchids is allowed to consume while running, as a number n of bytes. See the low memory page to understand the purpose of that directive.
- RainyDayFund n: declares the amount of memory that Orchids will preallocate as a rainy day fund.
- ModuleDir dir: declares that dir is the directory where Orchids will find its modules. Typical value is /usr/local/lib/orchids (@@LIBDIR@@/orchids if you look at orchids.conf.dist instead of orchids.conf).
- LockFile file: sets file as the Orchids lock file. Serves to ensure that at most one Orchids process is running on the system. Default file is @prefix@/var/run/orchids/orchids.lock, where @prefix@ is typically /usr/local.
- RuntimeUser user: declares that Orchids should run as user user. Typical value is nobody (@@RUNUSER@@ if you look at orchids.conf.dist instead of orchids.conf).
- Nice pri: sets the priority of the Orchids process to pri.
- PollPeriod secs: instructs Orchids that it should poll files every secs seconds. Orchids can read events from files or from sockets. Only the first kind requires polling. One can specify fractional values for seconds. The IDMEF time format is recognized as well.
- ResolveIP opt, where opt is yes, 1, on, true, enabled (all meaning true), or anything else (meaning false): if enabled, will tell Orchids to print IP addresses by adding the corresponding host name. Good for demos, slow in actual applications. Typical value is no.
- Include file: include configuration file file. Used mainly to include the orchids-modules.conf, orchids-rules.conf, and orchids-inputs.conf files, as well as module-specific configuration files. Regexps are legal, e.g.: Include "@@ETCDIR@@/orchids/conf.d/*.conf"
Some other commands are in principle legitimate, too, such as INPUT or DISSECT, or AddModule for example. They are better used in specific included files, such as orchids-inputs.conf for the first two, or orchids-modules.conf for the last one. They are documented on the corresponding pages.
Obsolete commands include:
- AddPreprocessorCmd suffix cmd: declares that those rule files whose name ends in suffix should first be processed by running cmd on them. Removed for security reasons.
- SetPreprocessorCmd suffix cmd: declares that cmd should be the default preprocessor. Removed for security reasons.
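
A small audit of an orchids.conf against the directives listed above, as an added example that is not part of Orchids itself. It assumes whitespace-separated "Directive value" lines with optional double quotes and exact-case ResolveIP values; the RuntimeUser root check is an added hardening heuristic, and the function name audit and the sample file are constructed for illustration.

```python
# Directives this page lists, plus those it says belong in included files.
KNOWN = {"MaxMemorySize", "RainyDayFund", "ModuleDir", "LockFile",
         "RuntimeUser", "Nice", "PollPeriod", "ResolveIP", "Include",
         "INPUT", "DISSECT", "AddModule"}
OBSOLETE = {"AddPreprocessorCmd", "SetPreprocessorCmd"}
# Values the page says mean "true" for ResolveIP; anything else means false.
TRUE_VALUES = {"yes", "1", "on", "true", "enabled"}

def audit(text):
    """Return (line_number, message) findings for the text of an orchids.conf."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        fields = line.split(None, 1)
        name = fields[0]
        # Assumption: a value may be wrapped in double quotes, as in the Include example.
        value = fields[1].strip().strip('"') if len(fields) > 1 else ""
        if name in OBSOLETE:
            findings.append((lineno, f"{name} is obsolete (removed for security reasons)"))
        elif name not in KNOWN:
            findings.append((lineno, f"{name} is not listed on this page; check the module pages"))
        elif name == "MaxMemorySize" and not value.isdigit():
            findings.append((lineno, "MaxMemorySize expects a number of bytes"))
        elif name == "RuntimeUser" and value == "root":
            # Heuristic added here: the page gives nobody as the typical value.
            findings.append((lineno, "RuntimeUser root: use an unprivileged user such as nobody"))
        elif name == "ResolveIP" and value in TRUE_VALUES:
            findings.append((lineno, "ResolveIP enabled: good for demos, slow in actual applications"))
    return findings

# Constructed sample configuration (not taken from a real deployment).
SAMPLE = """\
# constructed sample orchids.conf
MaxMemorySize 512MB
RuntimeUser root
ResolveIP on
PollPeriod 0.5
Include "/usr/local/etc/orchids/conf.d/*.conf"
AddPreprocessorCmd .rule /path/to/cmd
"""

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```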