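######################################################
# evidence: Scan @data for firewall log lines whose
# action field (6th ';'-separated field) is 'drop' and
# whose source field (11th) contains $ip, appending
# up to $max_lines of them to @fwlog. @fwlog is never
# cleared here, so repeated calls accumulate.
# Returns the number of lines now in @fwlog, or an
# empty list / undef when it is empty.
#####################################################
sub evidence {
    # Optional cap on the number of lines pushed. The default keeps the
    # limit the loop has always used (stop after the 16th push); the old
    # header comment said 15, which the code never did.
    my ($max_lines) = @_;
    $max_lines = 16 unless defined $max_lines;

    # \Q...\E makes every character of $ip literal. Without it an
    # unescaped '.' in "10.0.0.1" matches any character, so the pattern
    # can match unrelated addresses, and any regex metacharacter in $ip
    # would change the meaning of the pattern altogether.
    my $ip_re = qr/\Q$ip\E/;

    my $pushed = 0;
    LINE: for my $line (@data) {
        next LINE if $line =~ m/^\s*$/;   # skip empty lines before splitting

        # NOTE(review): this skips any line containing a standalone "0"
        # anywhere (e.g. an address with a ".0." octet), not only rule-0
        # matches; the rule-number field index is not visible here, so the
        # original test is kept -- confirm which field holds the rule.
        next LINE if $line =~ m/\b0\b/;

        my ($action, $src) = (split /;/, $line)[5, 10];
        next LINE unless defined $action && defined $src;   # short record

        if ($action eq 'drop' && $src =~ $ip_re) {
            push @fwlog, $line;
            $pushed++;
            last LINE if $pushed >= $max_lines;
        }
    }

    # Nothing collected: return empty (false) so callers can test it.
    return unless @fwlog;
    return scalar @fwlog;
}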