For portability do not assume that the result of inet_aton()
is 32 bits wide, in other words, that it would contain only
the IPv4 address in network order.
[download]

my $ip = pack(C4 => split /\./, $src);
[download]

True, it depends on the characteristics of inet_aton(3) however using pack() and split() only works if the IP address is in the dotted quad format while inet_aton() will work with any valid IP address and return undef if the address is not valid.

Thanks to everyone for their help I now have the file sorted by src address using the "socket" method and the record looks like this:

2006-03-16 06 50 08 Local4.Warning 155.236.56.102 Mar 16 2006 06 44 11 %PIX-4-106023 Deny udp src inside 10.200.20.71 1047 dst outside 155.236.60.129 161 by access-group inside_access_in
2006-03-16 07 01 20 Local4.Warning 155.236.56.102 Mar 16 2006 06 55 23 %PIX-4-106023 Deny udp src inside 10.200.20.71 1047 dst outside 155.236.60.106 161 by access-group inside_access_in
2006-03-16 07 01 20 Local4.Warning 155.236.56.102 Mar 16 2006 06 55 23 %PIX-4-106023 Deny udp src inside 10.200.20.71 1047 dst outside 155.236.60.106 161 by access-group inside_access_in
2006-03-29 07 11 17 Local4.Warning 155.236.56.102 Mar 29 2006 07 04 12 %PIX-4-106023 Deny udp src inside 10.200.20.71 1046 dst outside 155.236.60.181 161 by access-group inside_access_in
2006-03-14 12 09 52 Local4.Warning 155.236.56.102 Mar 14 2006 12 04 05 %PIX-4-106023 Deny tcp src inside 10.200.21.72 2519 dst outside 207.46.253.188 80 by access-group inside_access_in

I now need to get all the dst IP address's sorted together for each src IP - I will need to do more but once I see how you sort dst IP address per src IP address I will be able to do this.