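use strict;
use warnings;
use Carp qw(croak);
use Scalar::Util qw(reftype);
use Regexp::Common qw(net);

# Firewall log scan: report which hosts from a watch list appear as the
# *source* of a denied flow whose destination zone is "outside".
#
# Sample line the parser expects (a single line in the real log, wrapped here):
#   Oct 31 23:58:12 x.x.x.x Oct 31 2010 23:58:14: %PIX-5-106100: access-list
#   INBOUND denied udp outside/10.158.53.2(12143) -> dmz/192.168.19.11(53)
#   hit-cnt 8 300-second interval [0x6be0682a, 0x0]
# Note that this particular sample is NOT reported: its destination zone is
# "dmz", and only flows whose destination zone is "outside" are flagged.

# Matches "<src-ip>(<port>) -> outside/<dst-ip>" anywhere in a log line, so
# the match no longer depends on a fixed column offset (the old substr(105, 40)
# silently missed lines whose timestamp/hostname prefix had a different length).
# $RE{net}{IPv4} rejects octets above 255 that a bare \d+ would accept, and the
# port group is now a real "\( \d+ \)" - the old "\(?:\d+\)" made the "(" optional
# and then demanded a literal ":".
my $OUTBOUND_RE = qr{
    (?<src>$RE{net}{IPv4}) \( \d+ \)     # source address and port
    \s* -> \s*
    outside/ (?<dst>$RE{net}{IPv4})      # destination zone must be "outside"
}x;

# check_fw_logs(\%ips_of_interest, $file)
#
# Reads $file line by line and returns the list of source IPs that both
# (a) appear in an outbound flow matching $OUTBOUND_RE and (b) are keys of
# %ips_of_interest.  One entry is returned per matching line, so an IP that
# occurs on several lines is returned several times (callers may count hits).
# Croaks if the first argument is not a hash reference or the file cannot be
# opened/closed.
sub check_fw_logs {
    # The original "my $ipsAll, $file = @_;" declared only $ipsAll (left undef)
    # and assigned the argument *count* to $file.
    my ($ips_of_interest, $file) = @_;

    croak("check_fw_logs: first argument must be a hash reference\n")
        unless defined $ips_of_interest && (reftype($ips_of_interest) // '') eq 'HASH';

    my @infected;

    # Three-arg open on a lexical handle: with the old two-arg "open(FILE, $file)"
    # a filename beginning with '>' or '|' would change the mode or run a command.
    open my $fh, '<', $file or croak("Can't open $file: $!\n");

    LINE:
    while (my $line = <$fh>) {
        next LINE unless $line =~ $OUTBOUND_RE;
        push @infected, $+{src} if exists $ips_of_interest->{ $+{src} };
    }

    close $fh or croak("Can't close $file: $!\n");

    return @infected;
}

# Script entry point: scan $fw_file for the watched hosts in @all_ips.
# The result is returned rather than printed - the original snippet stored it
# in a file-level lexical and did nothing further with it.
sub main {
    my $fw_file = 'tmp.log';
    my @all_ips = qw(10.8.1.5 10.8.1.6 10.8.1.7);
    # Parenthesised pair so "map { ... }" is unambiguously a block, not a hashref.
    my %is_watched = map { ($_ => 1) } @all_ips;

    my @infected_ips = check_fw_logs(\%is_watched, $fw_file);
    return @infected_ips;
}

# Run only when executed directly, so the file can be require'd (e.g. by a
# test) without opening tmp.log.
main() unless caller;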