You already provided the basic recipe. I only see a few open questions in your spec:

1. The one hour you specify, counts this from the establishment of the connection?
2. Is this any one hour or can one simplify to: 13:00:00 to 13:59:59 for example? The latter is much simpler than looking for an arbitrary period of 60 minutes.
3. Can you read in a log file into memory or does the logic need to read line by line?

After that it is straightforward using a few regexes and hashes.