Time: (^\S+\s\d+\s+\d+:\d+:\d+) using memory 1
Source Firewall: (\d+\.\d+\d+.\d+.\d+) using memory 1
Source part of firewall connection:
access-list\s+(\S+)\s+(\S+)\s+(\S+)\s(\S+)\/(\d+\.\d+\.\d+\.\d+)\((\d+)
1=source acl
2=action
3=protocol
4=source interface
5=source ip
6=source port

Destination part:
Destination:

->\s+(\S+)/(\d+\.\d+\.\d+\.\d+)\((\d+)
1=Dest Interface
2=Destination IP
3=Destination Port

\[(0x[0-9a-f]+) Matches RUle #
1=Rule#