my $dtg=qr([A-Z][a-z]+\s+\d+\s+\d+:\d+:\d+);
my $thingy=qr([\.\d]+);
my $tz=qr([A-Z]{3});
my $ipaddr=qr(\d+\.\d+\.\d+\.\d+);
my $timestamp = qr/[A-Z][a-z]+ \d\d \d\d:\d\d:\d\d/;
my $address   = qr/[\.\d]+/;
my $id        = qr/\d+/;
my $timezone  = qr/[A-Z]+/;
my $fragger = qr/(\%SEC-6-IPACCESSLOGP|\%SEC-6-IPACCESSLOGDP)/;
my $tcp_deny=qr/^($dtg)\s\[$thingy\]\s\d+:\s($dtg)\s$tz:\s$fragger\:\slist\s(\d+)\sdenied\s(tcp|udp|icmp)\s($ipaddr)\(\d+\)\s\-\>\s($ipaddr)\(\d+\),\s(\d+)\spacket/;