in reply to CISCO Log file pattern matching (again!)

I've only done limited Cisco log parsing, but since the format is very consistent up until the %Whatever, why not start with a split(' ') and then parse the pieces, a la:

    # untested
    while (<>) {
        # the first ten whitespace-separated fields are fixed; the 11th is the rest of the line
        my ($mon, $day, $time, $rtr, $seqno, $rmon, $rday, $rtime, $rtz, $code, $msg)
            = split(' ', $_, 11);
        next unless $code =~ m!\%SEC-6-IPACCESSLOGP:|\%SEC-6-IPACCESSLOGDP:!;
        # process stuff here, a la:
        my (undef, $listno, $act, $proto, $src, undef, $trget, $other, $cnt)
            = split(' ', $msg);
    }
Now the parts that are consistent are split out. You'll still have to deal with the message-type dependent stuff - which should be in $msg - there's no help for that, but now you can attack the individual pieces without hurting your brain so badly.

And if all the messages that you're interested in are ACL violations, you can let split break all the pieces out for you.

(And anyhow, aren't you really looking for "-> IP_addr(69)", at least this week? I know I was on Friday - ALL day.)

--Bob Niederman, http://bob-n.com

All code given here is UNTESTED unless otherwise stated.
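The split-the-fixed-prefix-then-parse-the-body approach above, carried through as a complete script. This is an added example, not code from the reply or from Cisco: the sample log lines are constructed, and the exact layout assumed for the %SEC-6-IPACCESSLOGP and %SEC-6-IPACCESSLOGDP message bodies (list, action, protocol, src(port) -> dst(port), packet count) is an assumption. The script tallies denied packets per source address and notes which sources were denied to port 69, the kind of summary a defender pulls from ACL deny logs.

```perl
#!/usr/bin/perl
# Added example (not from the original reply): split the fixed syslog prefix,
# then parse only the ACL message body. Message layout is assumed.
use strict;
use warnings;

# Constructed sample input, not real router logs.
my @sample = (
    'Mar  1 12:00:01 rtr1 1001: Mar  1 12:00:01.123 UTC: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40123) -> 192.0.2.10(69), 1 packet',
    'Mar  1 12:00:02 rtr1 1002: Mar  1 12:00:02.456 UTC: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.5(40124) -> 192.0.2.10(69), 3 packets',
    'Mar  1 12:00:03 rtr1 1003: Mar  1 12:00:03.789 UTC: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.9 -> 192.0.2.10 (8/0), 1 packet',
    'Mar  1 12:00:04 rtr1 1004: Mar  1 12:00:04.000 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.7(50000) -> 192.0.2.20(22), 2 packets',
    'Mar  1 12:00:05 rtr1 1005: Mar  1 12:00:05.000 UTC: %SYS-5-CONFIG_I: Configured from console by admin on vty0',
);

# Parse one ACL message body into a hashref; returns undef if it does not match
# the assumed layout for the given message code.
sub parse_acl_msg {
    my ($code, $msg) = @_;
    my %rec;
    if ($code eq '%SEC-6-IPACCESSLOGP:') {
        # tcp/udp: list <n> <action> <proto> <src>(<sport>) -> <dst>(<dport>), <count> packet(s)
        @rec{qw(list action proto src sport dst dport count)} =
            $msg =~ m/^list (\S+) (permitted|denied) (\S+) (\S+)\((\d+)\) -> (\S+)\((\d+)\), (\d+) packets?$/
            or return;
    }
    elsif ($code eq '%SEC-6-IPACCESSLOGDP:') {
        # icmp: list <n> <action> icmp <src> -> <dst> (<type>/<code>), <count> packet(s)
        @rec{qw(list action proto src dst icmp_type icmp_code count)} =
            $msg =~ m/^list (\S+) (permitted|denied) (\S+) (\S+) -> (\S+) \((\d+)\/(\d+)\), (\d+) packets?$/
            or return;
    }
    else {
        return;
    }
    return \%rec;
}

# Walk the lines: split the fixed prefix, keep only ACL log messages,
# then sum denied packets per source and remember who was denied to port 69.
sub summarize {
    my @lines = @_;
    my (%denied_per_src, %hit_port_69);
    for my $line (@lines) {
        my ($mon, $day, $time, $rtr, $seqno, $rmon, $rday, $rtime, $rtz, $code, $msg)
            = split(' ', $line, 11);
        next unless defined $code && $code =~ m!^%SEC-6-IPACCESSLOG(?:P|DP):$!;
        my $rec = parse_acl_msg($code, $msg) or next;
        next unless $rec->{action} eq 'denied';
        $denied_per_src{ $rec->{src} } += $rec->{count};
        $hit_port_69{ $rec->{src} } = 1
            if defined $rec->{dport} && $rec->{dport} == 69;
    }
    return (\%denied_per_src, \%hit_port_69);
}

my ($denied, $port69) = summarize(@sample);
for my $src (sort { $denied->{$b} <=> $denied->{$a} } keys %$denied) {
    printf "%-16s %5d denied packet(s)%s\n",
        $src, $denied->{$src}, $port69->{$src} ? '  (denied to port 69)' : '';
}
```

On the constructed sample the report lists 10.1.1.5 with 4 denied packets (flagged for port 69) and 10.1.1.9 with 1; the permitted line and the non-ACL %SYS line are skipped by the regex on $code. To run it on real input, replace @sample with the lines from <> as in the reply's loop, and adjust the two message regexes to whatever your IOS version actually emits.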