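#!/usr/bin/perl -w
# Extract the argument list that a logged "sh" invocation recorded in a
# syslog-style line, then print the raw argument string and the
# individual arguments.
#
# NOTE(review): this is a delimiter-based parse, not a real unquoting.
# The capture stops at the first `"]` and the split breaks on every
# `", "`, so an argument that itself contains either sequence is
# truncated or split into extra fields. Whether the logger escapes
# embedded quotes is not visible here; confirm before relying on the
# result for alerting or forensics.
use strict;

my $line = 'Aug 1 12:12:12 host [login=name, pid=1356] -> sh [args: "sh", "-c", "ls -l", "/var/log"]';

# First pull out the arguments, with the first and last quotes stripped.
# The match is checked: on a line that does not fit the pattern, $1 would
# otherwise be undef (or left over from an earlier successful match).
my ($cmdline) = $line =~ /sh \[args: "(.*?)"\]/
    or die "No sh [args: ...] record found in line\n";
print "Command: $cmdline\n";

# Now split apart on the quotes and commas. The -1 limit keeps trailing
# empty fields, so an empty final argument ("") is not silently dropped.
my @args = split(/", "/, $cmdline, -1);
print "Args are: **", join("**, **", @args), "**\n";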