in reply to Need advice on PERL

Hi ccrash,

Here's the code. But I don't know what it means.
my ($srcip) = $whole_event_string =~ /^(\d+\.\d+\.\d+\.\d+)/;
I only understand that it is checking whether the entry would have something like an IP address as above. But does it pass the IP address to the $srcip variable?

Yes, it does. Your code is using a regular expression to find a pattern that looks like an IP address. Before telling you how it does it, I recommend that you have a look at the Perl documentation on regular expressions. In your particular case, the variable $whole_event_string holds the log entries. Every log entry is analysed to see whether it has a pattern that begins (that is the meaning of the ^ symbol) with the following sequence of characters:

\d+   one or more digits
\.    a dot
\d+   one or more digits
\.    a dot
\d+   one or more digits
\.    a dot
\d+   one or more digits

If there is a match, that sequence of characters is assigned to the variable $srcip.

The following code illustrates what I just described:

#!/usr/bin/perl
use strict;
use warnings;

# Read each sample log entry from the __DATA__ section below.
while (defined (my $whole_event_string = <DATA>)) {
    # In list context the match returns the captured group, i.e. the
    # dotted sequence at the start of the line, which is stored in $srcip.
    my ($srcip) = $whole_event_string =~ /^(\d+\.\d+\.\d+\.\d+)/;
    print "\$srcip = $srcip\n";
}

__DATA__
1.2.3.4 - Unauth [09/Oct/2003: 10:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
2.3.4.5 - Unauth [09/Oct/2004: 11:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
3.4.5.6 - Unauth [09/Oct/2005: 12:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
4.5.6.7 - Unauth [09/Oct/2006: 13:12:06 -0700] "GET / HTTP/1.1" 200 19 +79

If you try it, the output should be:

$srcip = 1.2.3.4
$srcip = 2.3.4.5
$srcip = 3.4.5.6
$srcip = 4.5.6.7

I hope this helps

lin0
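
An added example, not part of lin0's post: because `\d+` also matches strings such as `999.3.4.5` or `3.4.5.6789`, and a non-matching line leaves `$srcip` undefined, a log parser that feeds per-source counts usually validates the octets and skips bad lines. The helper name `extract_srcip`, the `%hits` tally and the sample log lines are constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the leading IPv4 address of a log line. Returns undef (an empty
# list in list context) when the line does not start with four
# dot-separated octets in the range 0-255.
sub extract_srcip {
    my ($line) = @_;

    # Anchored like the pattern in the post, but each octet is limited to
    # 1-3 ASCII digits and the address must not be followed by another
    # digit or dot, so "3.4.5.6789" and "1.2.3.4.5" are rejected.
    my @octets = $line =~
        /^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(?![0-9.])/
        or return;

    # {1,3} still lets 256-999 through, so check the numeric range too.
    for my $octet (@octets) {
        return if $octet > 255;
    }
    return join '.', @octets;
}

my %hits;          # requests seen per source address
my $skipped = 0;   # lines without a valid leading address

while (defined(my $whole_event_string = <DATA>)) {
    my $srcip = extract_srcip($whole_event_string);
    if (defined $srcip) {
        $hits{$srcip}++;
    }
    else {
        $skipped++;
    }
}

# Busiest sources first; ties are ordered by address string.
for my $ip (sort { $hits{$b} <=> $hits{$a} || $a cmp $b } keys %hits) {
    printf "%-15s %d\n", $ip, $hits{$ip};
}
print "skipped $skipped line(s) without a valid leading IPv4 address\n";

# Everything after __DATA__ is constructed sample input.
__DATA__
1.2.3.4 - Unauth [09/Oct/2003:10:12:06 -0700] "GET / HTTP/1.1" 200 19
1.2.3.4 - Unauth [09/Oct/2003:10:12:09 -0700] "GET /a HTTP/1.1" 200 19
2.3.4.5 - Unauth [09/Oct/2003:11:12:06 -0700] "GET / HTTP/1.1" 200 19
999.3.4.5 - Unauth [09/Oct/2003:12:12:06 -0700] "GET / HTTP/1.1" 200 19
3.4.5.6789 - Unauth [09/Oct/2003:13:12:06 -0700] "GET / HTTP/1.1" 200 19
- - malformed entry with no address
```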