(Note: haukex, a faster typist than I, has already covered most of the points below, but I would just want to emphasize the fact that the regex in your code does match invalid IP addresses.)

Basically, you want to "associate" (hint, hint) a string that represents a "dotted decimal" IP address with a domain name and a count. The data structure (see perldsc) for this might look like 

my %IP = (  # create and initialize
    '198.144.186.184' => {
      'domain' => 'host.colocrossing.com',
      'count'  => 1,
      }
    );
...
# add to structure
my $captured_IP     = ...;
my $captured_domain = ...;
$IP{$captured_IP}{domain} = $captured_domain;
$IP{$captured_IP}{count}++;
...
# print structure -- see perldsc

[download]

Of course, you must already have captured an IP and a domain name from a "POSSIBLE BREAK-IN ATTEMPT!" record, which you seem to be able to identify. It's always best to use what's tried and tested: CPAN.

The module Regexp::Common::net (but first see Regexp::Common for how to use Regexp::Common::net) contains regexes for matching various forms of IP address. Note that the regex pattern you're using,
    /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/
allows a match with, e.g., '999.999.999.999' or '99999.1.2.99999': the first is plain invalid; the second contains a possibly valid IP – or does it?. A better regex can be built using Regexp::Common::net, maybe something like: 

use Regexp::Common qw(net);
...
my $dotted_decimal_ip = qr{ (?<! \d) $RE{net}{IPv4} (?! \d) }xms;
my $domain_name       = qr{ ... }xms;
...
my ($break_in_ip)     = $break_in_message =~ m{ ($dotted_decimal_ip) }
+xms;
my ($break_in_domain) = $break_in_message =~ m{ ($domain_name) }xms;
$IP{$break_in_ip}{domain} = $break_in_domain;
$IP{$break_in_ip}{count}++;
...

[download]
Note that this approach only captures the most recent domain name associated with a particular IP address. I've been a bit vague about the domain-name regex. Such a regex can be quite involved if it must cover all possible domain names, but you may not need anything like this level of coverage. I leave it to you to search CPAN for an appropriate module.

Give a man a fish:  <%-{-{-{-<

In reply to Re^3: Grab input from the user and Open the file by AnomalousMonk
in thread Grab input from the user and Open the file by valerydolce

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.