This is probably closer to what you are looking for.
It can handle multiple devices, and multiple occurrences of different errors for each device.
#!/usr/bin/perl
use warnings;
use strict;
my %devinfo;
while (<DATA>) {
next unless my ($date,$time, $device, $err) = /(\w+ \d+) ([\d:]+)\s(
+\S+) \[[^\]]+\]([^\(]+)\s?\(\d+/;
$devinfo{$device}{$err}{COUNT}++;
$devinfo{$device}{$err}{FIRST_TIME} ||= [$date, $time];
}
for my $dev (sort keys %devinfo) {
print "DEVICE\t--> $dev ==============\n";
for my $err (keys %{ $devinfo{$dev} }) {
my $errinfo = $devinfo{$dev}{$err};
print "DATE\t--> $errinfo->{FIRST_TIME}[0]\n";
print "TIME\t--> $errinfo->{FIRST_TIME}[1]\n";
print "ERROR\t--> $err\n";
print "\nThe above error occurred $errinfo->{COUNT} times\n\n";
}
}
__DATA__
<put data here>
Output, with your data:
DEVICE --> esw001tff2 ==============
DATE --> Oct 17
TIME --> 10:35:43
ERROR --> Server reset. Occurred 1 time.
The above error occurred 2 times
DATE --> Oct 17
TIME --> 10:35:39
ERROR --> IP Spoofing from 255.255.255.255 to 255.255.255.255! Occu
+rred 1 time.
The above error occurred 7 times
DATE --> Oct 17
TIME --> 10:35:47
ERROR --> Root login failure! Occurred 1 time.
The above error occurred 3 times
"By three methods we may learn wisdom: First, by reflection, which is noblest; Second, by imitation, which is easiest; and third by experience, which is the bitterest."
-Confucius