Aug 21 19:00:36 [1.1.1.3.200.125] 410381: Aug 21 23:00:35 UTC: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.161.24.153(3988) -> 10.158.24.10(135), 1 packet
####
# Building blocks for matching ACL "denied" syslog lines like the sample
# above. Each piece is a precompiled qr// fragment that is interpolated into
# the full-line patterns further down.

# Syslog-style date/time: month name, day, HH:MM:SS. \s+ and \d+ tolerate a
# space-padded single-digit day.
my $dtg=qr([A-Z][a-z]+\s+\d+\s+\d+:\d+:\d+);
# Contents of the bracketed field after the first timestamp: digits and dots
# only. The sample value has six dotted components, so it is not a plain
# dotted quad.
my $thingy=qr([\.\d]+);
# Exactly three upper-case letters, e.g. UTC.
my $tz=qr([A-Z]{3});
# Dotted quad by shape only: octets are not range-checked, so a value such as
# 999.1.1.1 would also match.
my $ipaddr=qr(\d+\.\d+\.\d+\.\d+);

# NOTE(review): the next four fragments are not referenced by either full-line
# pattern shown here; they look like alternative spellings of $dtg, $thingy
# and $tz -- confirm whether code outside this excerpt uses them.
# $timestamp is stricter than $dtg: single spaces and a two-digit day, so a
# space-padded day would not match it.
my $timestamp = qr/[A-Z][a-z]+ \d\d \d\d:\d\d:\d\d/;
my $address = qr/[\.\d]+/;
my $id = qr/\d+/;
my $timezone = qr/[A-Z]+/;

# Message mnemonic: IPACCESSLOGP (seen on the TCP sample) or IPACCESSLOGDP
# (seen on the ICMP sample). The parentheses form a capturing group, so this
# fragment contributes $3 to every pattern that interpolates it.
my $fragger = qr/(\%SEC-6-IPACCESSLOGP|\%SEC-6-IPACCESSLOGDP)/;

# Full-line pattern for the "src(port) -> dst(port), N packet" layout.
# Captures: $1 first timestamp, $2 second timestamp, $3 mnemonic (from
# $fragger), $4 access-list number, $5 protocol, $6 source address,
# $7 destination address, $8 packet count.
# NOTE(review): both port numbers are matched by \(\d+\) but not captured, so
# the destination port (135 in the sample) is not available to the code that
# consumes the match; triage of denied traffic usually needs that field.
# The pattern is anchored at the start only and ends at "packet", so a plural
# "packets" or any trailing text still matches. (tcp|udp|icmp) accepts all
# three protocols; it is the address layout that selects this form.
my $tcp_deny=qr/^($dtg)\s\[$thingy\]\s\d+:\s($dtg)\s$tz:\s$fragger\:\slist\s(\d+)\sdenied\s(tcp|udp|icmp)\s($ipaddr)\(\d+\)\s\-\>\s($ipaddr)\(\d+\),\s(\d+)\spacket/;
####
# Test the current line against the with-ports pattern. The body is elided in
# this excerpt, and $line is not defined here.
if ( $line =~ m@$tcp_deny@ ) { ... more stuff below
####
Aug 21 19:00:36 [1.1.1.3.200.125] 410382: Aug 21 23:00:35 UTC: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.165.4.150 -> 211.95.79.233 (8/0), 1 packet
####
# Full-line pattern for the layout of the sample above: bare addresses
# followed by a parenthesised "N/N" pair (8/0 in the sample; presumably ICMP
# type/code -- confirm). The prefix and the capture numbering ($1..$8) are the
# same as in $tcp_deny.
# NOTE(review): the "N/N" pair is matched by \(\d+\/\d+\) but not captured.
# Like $tcp_deny, the pattern is anchored at the start only.
my $icmp_deny=qr/^($dtg)\s\[$thingy\]\s\d+:\s($dtg)\s$tz:\s$fragger\:\slist\s(\d+)\sdenied\s(tcp|udp|icmp)\s($ipaddr)\s\-\>\s($ipaddr)\s\(\d+\/\d+\),\s(\d+)\spacket/;