Long before I started using ooRexx, before I even knew it existed in fact, I talked my boss at one company into letting me install a copy of Regina on my company workstation in order to save him some work.
It turned out to be an interesting project. Apparently until then someone would occasionally grab a random meg or two of firewall logs and read them into Excel. Then someone else would spend time sorting lines, deleting most of them but keeping all the ones that reported a rejected attempt at sending a packet. The thing is, if a workstation sends ten thousand packets to a single IP address, or to several, it's probably legitimate work. If many workstations send packets to one IP address, likewise work. But if one IP address sends one packet to each of thousands of other addresses, it's very likely a virus looking for other machines to infect. So someone would take all those firewall records, try to parse dates and IP addresses, and come up with suspicious behavior.
I heard my boss talking on the phone about this process - I think he said it normally took someone a couple hours - and after he hung up I approached him about a better way. So I took a day or two writing a Regina program which could parse out all those records and produce a CSV of the suspicious actors in a few seconds.
After that I was the company virus hunter. I maintained a database, which wasn't too bad, but I also had to run around to various locations to eliminate the problem malware, which was an unwelcome chore. Still, I enjoyed the hunt. And Rexx is really, really good at that sort of text interpretation. (Programming is so cool!)
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* Law #36 of combat operations: Radar tends to fail at night and in bad weather, and especially during both. */
-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Paul Gilmartin
Sent: Sunday, April 21, 2024 01:11
Which Rexx do you use on desktop systems? BTW, is the Regina mailing list active?
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
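The fan-out heuristic described in the message above, as an added example in Python. It is not the Regina program the message describes, which the message does not show. The log line format, the field names and both thresholds are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed log format (an assumption; the message does not show the real one):
#   2024-04-21 01:11:02 DENY src=10.1.4.27 dst=10.1.9.1 dport=445
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) "
                     r"src=(?P<src>\d+(?:\.\d+){3}) dst=(?P<dst>\d+(?:\.\d+){3})\b")

def find_scanners(lines, min_dests=100, max_pkts_per_dest=2.0):
    """Return (src, distinct_dests, rejected_packets, first_seen) for sources
    whose rejected packets fan out thinly across many destinations."""
    dests, packets, first_seen = defaultdict(set), defaultdict(int), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["action"] != "DENY":
            continue  # skip unparsable lines and anything that was not rejected
        src = m["src"]
        dests[src].add(m["dst"])
        packets[src] += 1
        first_seen.setdefault(src, m["ts"])
    hits = [(src, len(seen), packets[src], first_seen[src])
            for src, seen in dests.items()
            if len(seen) >= min_dests and packets[src] / len(seen) <= max_pkts_per_dest]
    return sorted(hits, key=lambda h: -h[1])

def to_csv(hits):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["source", "distinct_destinations", "rejected_packets", "first_seen"])
    writer.writerows(hits)
    return out.getvalue()

def sample_log():
    """Constructed sample: one scanner plus the two benign patterns."""
    ts = "2024-04-21 01:11:02"
    log = [f"{ts} DENY src=10.1.4.27 dst=10.1.{i // 250}.{i % 250 + 1} dport=445"
           for i in range(500)]                  # one packet to each of 500 hosts
    log += [f"{ts} DENY src=10.1.4.30 dst=10.2.0.5 dport=443"] * 1000  # one to one
    log += [f"{ts} DENY src=10.3.0.{i + 1} dst=10.2.0.9 dport=80"
            for i in range(200)]                 # many sources, one destination
    log += [f"{ts} ALLOW src=10.1.4.31 dst=10.1.9.{i + 1} dport=445"
            for i in range(200)]                 # allowed traffic is ignored
    return log

if __name__ == "__main__":
    print(to_csv(find_scanners(sample_log())), end="")
```

The packets-per-destination ratio is what separates the scanner from a busy workstation: both can produce thousands of rejected records, but only the scanner spreads them one apiece across many addresses.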