Mark, I tried your example without success. Here is what the output from my program shows:

>>>  |  |  |
$VAR2 = 4980519 04/12/2004 21:07:37.440 SEV=4 AUTH/22 RPT=1151
 User [agra02] Group [cisco3015] connected, Session Type: IPSec

[download]
As you can see in the first line the ">>>" indicates where I should have printed the contents of the extracted values. The second line, shows $VAR2 contents. One problem might be the line break occuring before the word "User". Here is the actual text message:
1081800476 3  Mon Apr 12 15:07:56 2004 test-vpn.mydomain.com u Trap: g
+eneric 6 specific 0 args (3):  [1] mgmt.mib-2.system.sysUpTime.0 (Tic
+ks): 10825222
1081800476 3  Mon Apr 12 15:07:56 2004  test-vpn.mydomain.com u  [2] p
+rivate.enterprises.3076.2.1.4.4.15.22 (OctetString): 4980519 04/12/20
+04 21:07:37.440 SEV=4 AUTH/22 RPT=1151
1081800476 3  Mon Apr 12 15:07:56 2004  test-vpn.mydomain.com u  User 
+[agra02] Group [cisco3015] connected, Session Type: IPSec
1081800476 3  Mon Apr 12 15:07:56 2004  test-vpn.mydomain.com u  [3] p
+rivate.enterprises.3076.2.1.2.4.1.1 (OctetString): AUTH/22

[download]
Here is how I coded it from your example:
if ($ARGUMENTS==6)
{
   ($KEY, $DATE, $TIMESTAMP, $SEV, $LOG_NUM, $RPT, $H1, $H2, $USER, $H
+3, $GROUP, $H4, $H5, $H6, $TYPE) = split(/ /, $VAR2);
   $USER =~ s/\[//;
   $USER =~ s/\]//;
   $GROUP =~ s/\[//;
   $GROUP =~ s/\]//;
# Old code handling ends here. This is the new piece you suggested.

my ($user, $group, $connected, $type) = $VAR2 =~ /^User \[(\w+)\] Grou
+p \[(\w+)\] (\w+), Session Type: +(\w+)$/;
print TRAPDATA "\n>>> $user | $group | $connected | $type\n";
print TRAPDATA "\$VAR2 = $VAR2\n";
}

[download]

In reply to Re: Regex for IOS messages by Anonymous Monk
in thread Regex for IOS messages by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.