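# Noise filter for tcpdump-style connection logs.  Each input line is
# parsed into date, time, source ip/port, direction, optional destination
# ip, destination port and trailing text.  Lines from a listed source
# address, from source port 53, or aimed at a destination port on the
# ignore list are dropped; every other line is echoed unchanged.
#
# The body works on the implicit $_ and uses `next`, so the script has to
# run under `perl -n` (each input line is one iteration of the implicit
# while loop that -n wraps around the code).
use strict;
use warnings;
use Quantum::Superpositions;    # supplies any(): one `eq`/`==` tests a whole set

# Package variables shared by the one-time INIT block and the per-line
# body; `our` rather than `my` because under -n the body itself sits
# inside the implicit loop.
our ($r, $ignore_src_ip, $ignore_src_prt, $ignore_dst_prt);

# Build the parser and the ignore lists once, not once per input line.
INIT {
    my $re_date = '\w+\s+\d+';              # e.g. "May 17"
    my $re_time = '[\d:.]+';                # e.g. "20:38:18.469635"
    my $re_ip   = '\d+\.\d+\.\d+\.\d+';     # dotted quad, octets not range-checked
    my $re_port = '\d+';
    my $re_dir  = '[<>]';
    my $re_text = '.+';

    # Captures, in order: date, time, src ip, src port, direction,
    # dst ip (absent when the log shows only "> port:"), dst port, text.
    $r = qr[^($re_date)\s+($re_time)\s+($re_ip)\.($re_port)\s+($re_dir)\s+(?:($re_ip)\.)?($re_port):\s+($re_text)];

    # Source addresses whose traffic is never reported; presumably the
    # monitoring hosts' own addresses -- confirm before extending the list.
    $ignore_src_ip = any(qw[
        198.144.10.227
        163.228.80.5
        198.144.10.143
    ]);

    # Meant to hide DNS replies.  The source port is chosen by the sender,
    # so this rule also hides any other traffic sent from port 53 -- a
    # blind spot to keep in mind when reading the filtered output.
    $ignore_src_prt = 53;

    # Destination ports that only carry background scan noise here.
    $ignore_dst_prt = any(
        137,    # NETBIOS Name Service
        139,    # NETBIOS Session Service
        445,    # Win2k+ Server Message Block
        1434,   # SQL Slammer / Sapphire worm
    );
}

my ($date, $time, $src_ip, $src_prt, $dir, $dst_ip, $dst_prt, $text) = /$r/;

# A line the parser does not understand is passed through rather than
# silently dropped, so unexpected output is never hidden by the filter.
# Checking first also keeps `use warnings` quiet: no comparisons on
# undefined captures.
unless (defined $src_ip) {
    print;
    next;
}

next if $src_ip  eq $ignore_src_ip
     or $src_prt == $ignore_src_prt
     or $dst_prt == $ignore_dst_prt;

print;

# Sample input.  All six lines hit an ignore rule (destination port 137,
# 1434 or 445), so filtering exactly these lines produces no output.
__END__
May 17 20:38:18.469635 64.180.225.226.1025 > 137: udp 50
May 17 21:07:01.043863 202.108.249.21.1122 > 1434: udp 376
May 17 21:38:22.550924 210.14.199.234.4110 > 445: S 318758155:318758155(0) win 16384 (DF)
May 17 21:38:54.775616 216.219.104.135.1236 > 1434: udp 376
May 17 21:51:00.660588 63.203.70.246.1028 > 137: udp 50
May 17 22:04:31.767281 218.187.142.250.1029 > 137: udp 50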