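#!/usr/bin/perl
# Parse NetScreen traffic-log records from the __DATA__ section into a
# two-level hash (%struct{section}{field} = value) and dump each record.
#
# Record layout, as seen in the sample data:
#   messages:<timestamp and host> <section>: key=value ... <section>: key=value ...
# A section name is any run of non-blanks ending in ':' and followed by
# whitespace. Field names may contain blanks ("src zone"); values are either
# double-quoted or a single run of non-blank characters.
#
# NOTE(review): fields are found purely by scanning for '='. A value that
# itself contains blank-separated text with an '=' is read as an extra field,
# so treat the resulting hash as untrusted log content rather than as a
# verified record. The Dumper output is for inspection only and should not be
# eval'ed back in.
use strict;
use warnings;
use Data::Dumper;

# Sorted keys make two runs over the same log directly comparable.
$Data::Dumper::Sortkeys = 1;

# Every record opens with the literal tag "messages:", so reading up to that
# tag yields one record per read (plus an empty piece before the first tag).
local $/ = 'messages:';

my $record_no = 0;

RECORD:
while ( my $record = <DATA> ) {

    # chomp removes the trailing "messages:" that belongs to the next record.
    chomp $record;

    # Skip the empty piece that precedes the first tag.
    next RECORD unless $record =~ /\S/;
    $record_no++;

    my %struct = ();

    # The capturing group keeps the section names in the result list:
    # ( prefix, section, text, section, text, ... )
    my ( $timestamp, @chunks ) = split /(\S+:)\s+/, $record;

    while (@chunks) {
        my $topkey = shift @chunks;
        my $data   = shift @chunks;

        # split drops trailing empty fields, so a section may have no text.
        next unless defined $data;

        # Consume "name=" then the value, repeatedly, from the front of $data.
        while ( $data =~ s/^(.*?)=//s ) {
            ( my $subkey = $1 ) =~ s/\s+$//;    # "proto =6" -> "proto"

            my $value;
            if ( $data =~ s/^"([^"]*)"\s*// ) {
                $value = $1;                    # quoted, may contain blanks
            }
            elsif ( $data =~ s/^(\S+)\s*// ) {
                $value = $1;                    # bare token, also at end of record
            }
            else {
                # "name=" with nothing after it: record an empty value
                # instead of reusing a capture from an earlier match.
                $data =~ s/^\s+//;
                $value = '';
            }

            $struct{$topkey}{$subkey} = $value;
        }
    }

    print "\nRecord $record_no: $timestamp\n", Dumper( \%struct );
}

__DATA__
messages:Dec 17 09:41:08 10.14.93.7 ns5xp: NetScreen device_id=ns5xp system-notification-00257(traffic): start_time="2002-12-17 09:45:58" duration=5 policy_id=0 service=tcp/port:8000 proto =6 src zone=Trust dst zone=Untrust action=Permit sent=1034 rcvd=19829 src=10.14.94.221 dst=10.14.90.217 src_port=1059 dst_port=8000 translated ip=10.14.93.7 port=1223
messages:Dec 17 09:41:08 10.14.93.7 ns5xp: NetScreen device_id=ns5xp system-notification-00257(traffic): start_time="2002-12-17 09:45:59" duration=4 policy_id=0 service=tcp/port:8000 proto =6 src zone=Trust dst zone=Untrust action=Permit sent=722 rcvd=520 src=10.14.94.221 dst=10.14.90.217 src_port=1060 dst_port=8000 translated ip=10.14.93.7 port=1224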