in reply to Tricky Syslog Parsing

This handles it on an entry-by-entry basis:

use warnings;
use strict;
use Data::Dumper;

my %fws   = ();
my @queue = ();

while (<DATA>) {
    my $line = $_;
    # A leading YYYY-MM-DD timestamp marks the start of a new entry:
    # flush the lines collected for the previous entry first.
    if ($line =~ /^\d{4}-\d\d-\d\d/) {
        process_queue(@queue);
        @queue = ();
    }
    push @queue, $line;
}
# Flush the final entry.
process_queue(@queue) if scalar(@queue) > 0;

sub process_queue {
    my @entries = @_;
    foreach my $entry (@entries) {
        #the regex below should be modified
        #to suit your actual needs
        if ($entry =~ /(%FW-\d-\d{6})/) {
            my $fw = $1;
            # Keep only the first entry seen for each message ID.
            $fws{$fw} = join('', @entries) unless exists $fws{$fw};
        }
    }
}

# Pass a reference so the hash is dumped as a single structure.
print Dumper(\%fws);

1;
__DATA__
2003-12-22 15:48:35 Local4.Error 192.168.1.2 Dec 22 2003 20:48:25: %FW-3-106011: Deny inbound (No xlate) udp 4 dst inside:192.168.18.6/161
2003-12-22 23:52:00 Local4.Critical 192.168.1.2 Dec 23 2003 04:51:50: %FW-2-108002: SMTP replaced >: out 192.168.36.223 in 192.168.11.12 data: MAIL From: <123@hotmail.com>..
2003-12-22 23:56:00 Local4.Error 192.168.1.2 Dec 22 2003 20:48:25: %FW-3-106011: Insert Worm data: MAIL FROM <foo@bar.com>
2003-12-22 23:57:22 Local4.Oops 192.168.1.2 Dec 22 2003 20:48:25: %FW-3-106011: Deny Involvement (No xlate) udp 4 dst inside:192.168.18.6/161
2003-12-22 23:58:33 Local4.Critical 192.168.1.2 Dec 23 2003 04:51:50: %FW-2-108002: SMTP blow'd up out 192.168.36.223 in 192.168.11.12 data: MAIL From: <spammy.spammington@spam.net>..

Hanlon's Razor - "Never attribute to malice that which can be adequately explained by stupidity"