in reply to Re^2: Parsing Snort Binary Files
in thread Parsing Snort Binary Files
Haha, this is my first ever work with Perl, so it would probably be a big task for me to rewrite it, but I'll still take a look.
I am left with a couple of options so far:
1. Snort logs to a regular ASCII file that will work with File::Tail.
2. Snort logs to pcap binary files, which can be one or multiple log files, but for one file I wouldn't be able to use a continuous file.
What my boss wants is to create a parsed log about every 24 hours with the data acquired. I guess, to start off, would this be better to implement on one continuous log? Or would it be better to, let's say, tell Snort to stop once the file is xx MB and then parse each of those?
I am not really sure how to approach this problem, as you can see. There are a couple of options, but I can't determine which road to take.
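As an added example for the second option above (not the poster's code, and not part of the original thread), here is a small pure-Perl reader for a libpcap file such as Snort's tcpdump-format log, plus a per-UTC-day summary of the kind a "parsed log every 24 hours" job would produce. It parses the 24-byte global header, detects the file's byte order and timestamp resolution from the magic number, walks the 16-byte record headers, and stops cleanly at a trailing record that was cut short, which is exactly what you get if you read a file Snort is still writing. The sample pcap bytes are constructed inline so the script runs without a real capture; the function names (`parse_pcap`, `daily_summary`, `build_sample_pcap`) are my own choices, not anything from Snort or File::Tail.

```perl
#!/usr/bin/perl
# Added example: parse a libpcap file (Snort "log_tcpdump" output) and
# summarise packets per 24-hour UTC window. Not the poster's code.
use strict;
use warnings;

# Global header: magic(4) ver_major(2) ver_minor(2) thiszone(4) sigfigs(4)
# snaplen(4) linktype(4). The writer uses its host byte order, so the magic
# tells us both the endianness and whether timestamps are usec or nsec.
sub parse_pcap {
    my ($data) = @_;                       # whole file as a byte string
    die "short pcap header\n" if length($data) < 24;
    my $magic = unpack('V', substr($data, 0, 4));
    my ($f16, $f32, $ns);
    if    ($magic == 0xa1b2c3d4) { ($f16, $f32, $ns) = ('v', 'V', 0) }  # LE, usec
    elsif ($magic == 0xd4c3b2a1) { ($f16, $f32, $ns) = ('n', 'N', 0) }  # BE, usec
    elsif ($magic == 0xa1b23c4d) { ($f16, $f32, $ns) = ('v', 'V', 1) }  # LE, nsec
    elsif ($magic == 0x4d3cb2a1) { ($f16, $f32, $ns) = ('n', 'N', 1) }  # BE, nsec
    else { die sprintf "not a pcap file (magic %08x)\n", $magic }

    my ($vmaj, $vmin, $tz, $sig, $snaplen, $linktype) =
        unpack("x4 $f16 $f16 $f32 $f32 $f32 $f32", $data);

    my $off = 24;
    my @pkts;
    while ($off + 16 <= length $data) {
        my ($ts_sec, $ts_frac, $incl_len, $orig_len) =
            unpack("$f32 $f32 $f32 $f32", substr($data, $off, 16));
        $off += 16;
        # A record longer than snaplen means corruption; a record running past
        # EOF means the file was still being written when we read it. In both
        # cases keep what we have and stop, rather than returning garbage.
        if ($incl_len > $snaplen) {
            warn "record at offset $off exceeds snaplen, stopping\n";
            last;
        }
        if ($off + $incl_len > length $data) {
            warn "truncated trailing record at offset $off, stopping\n";
            last;
        }
        push @pkts, {
            ts       => $ts_sec + ($ns ? $ts_frac / 1e9 : $ts_frac / 1e6),
            incl_len => $incl_len,
            orig_len => $orig_len,
            data     => substr($data, $off, $incl_len),
        };
        $off += $incl_len;
    }
    return { linktype => $linktype, snaplen => $snaplen, packets => \@pkts };
}

# Bucket packets by the UTC day they were captured on.
sub daily_summary {
    my ($pcap) = @_;
    my %day;
    for my $p (@{ $pcap->{packets} }) {
        my $bucket = int($p->{ts} / 86400) * 86400;   # midnight UTC of that day
        $day{$bucket}{packets}++;
        $day{$bucket}{bytes} += $p->{orig_len};
    }
    return \%day;
}

# Constructed sample: a little-endian, usec-resolution pcap with three
# Ethernet records spanning two UTC days, followed by a record cut short
# to imitate a file captured mid-write. Not real Snort output.
sub build_sample_pcap {
    my $hdr  = pack('V v v V V V V', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1);
    my $body = '';
    for my $r ([1_700_000_000, 100, 'A' x 60],
               [1_700_000_500, 200, 'B' x 74],
               [1_700_100_000, 300, 'C' x 42]) {
        my ($sec, $usec, $payload) = @$r;
        $body .= pack('V V V V', $sec, $usec, length $payload, length $payload)
               . $payload;
    }
    $body .= pack('V V V V', 1_700_100_050, 0, 100, 100) . ('D' x 10);
    return $hdr . $body;
}

unless (caller) {
    my $data;
    if (@ARGV) {
        open my $fh, '<:raw', $ARGV[0] or die "open $ARGV[0]: $!\n";
        local $/;
        $data = <$fh>;
        close $fh;
    } else {
        $data = build_sample_pcap();
    }
    my $days = daily_summary(parse_pcap($data));
    for my $d (sort { $a <=> $b } keys %$days) {
        my @t = gmtime $d;
        printf "%04d-%02d-%02d  packets=%d  bytes=%d\n",
            $t[5] + 1900, $t[4] + 1, $t[3], $days->{$d}{packets}, $days->{$d}{bytes};
    }
}
1;
```

Run it with no arguments to see the constructed sample summarised (two day lines, plus a warning about the truncated fourth record), or pass a real Snort pcap log as the first argument. The design point for the rotation question: a pcap file has no record separator and no per-record checksum, so tailing a file that is still being written is fragile, while parsing each rotated file whole and tolerating a short last record, as above, is simple and gives you a natural unit to roll into the daily report.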