What have you tried?

As an aside don't fall for the "efficient as possible" tripe. Getting wrong answers fast is not generally considered a good solution. Work on getting the correct answers first then (and only if the solution takes too long to run) consider how you can make it faster.

This is just so true.

Here it is with nicer formatting and a basic explanation:

m/
  <=\s*
  (\S+)    # Capture the email address following <=
  [^[]+\[  # Skip to the first subsequent square bracket.
  ([^\]]+) # Capture until a closing bracket.
/x
[download]

You can tinker with it yourself here.

The email address will be in $1 and the IP will be in $2, following a successful match.

Update: Silly me for trusting the OP's spec. Kenosis mentioned to me that the exim record could, in addition to <= also contain any of ==, **, =>, *>, ->, and possibly some others. So the <= anchor is probably not ideal, but could be improved upon with (?:<=|==|\*\*|=>|\*>|=>) (plus whatever others are legal).

Thanks Dave,

The Spec is correct - This is already in a if/ifelse statement where we know if we are dealing with == ** etc So what you have shown me is just perfect,

many thanks

Steve

Fantastic! My faith in humanity is restored. ;) ...and I'm glad it worked for you.




Dave

$_='May  2 04:06:15 lon.mail.net exim[17905]: 2012-07-03 07:06:15 1SPP
+tO-0004en-PS <= me@ours.co.uk H=smtpout.mail.com [22.5.10.4] I=[6.5.1
+4.4]:25 P=esmtp S=13333 id=6aeca3b79b8892d6105dab131c76f066@localhost
+.localdomain T="Half price offer"';

my @data= split(/ /);

my $Email=$data[10];
my $IP=$data[12];
$IP=~s/\[//g;
$IP=~s/\]//g;

print "Email: $Email\n";
print "IP: $IP\n";
[download]

If your logfile has it's data with fixed "width", then using unpack function can really come in handy! And you really wouldn't border on perl version you are using. see this:

use warnings;
use strict;

my $str =
'May  2 04:06:15 lon.mail.net exim[17905]: 2012-07-03 07:06:15 1SPPtO-
+0004en-PS <= me@ours.co.uk H=smtpout.mail.com [22.5.10.4] I=[6.5.14.4
+]:25 P=esmtp S=13333 id=6aeca3b79b8892d6105dab131c76f066@localhost.lo
+caldomain T="Half price offer"';

my ( $e_mail, $ip ) = unpack "x82A13x21A9", $str;
print "EMAIL: ", $e_mail, "\nIP: ", $ip, $/;

# OR

while (<DATA>) {
    my ( $e_mail, $ip ) = unpack "x82A13x21A9", $_;
    print "EMAIL: ", $e_mail, "\nIP: ", $ip, $/;
}

__DATA__
May  2 04:06:15 lon.mail.net exim[17905]: 2012-07-03 07:06:15 1SPPtO-0
+004en-PS <= me@ours.co.uk H=smtpout.mail.com [22.5.10.4] I=[6.5.14.4]
+:25 P=esmtp S=13333 id=6aeca3b79b8892d6105dab131c76f066@localhost.loc
+aldomain T="Half price offer"

 
[download]

UPDATE: Oops! my bad I missed that but was pointed out by Kenosis though, Please Note however, if the length of the field to be gotten varies, then unpack function will NOT also work.
However, I had mentioned perviously that the logfiles data MUST have a FIXED WIDTH.

remember that perl doesn't do greedy matching, so, try: /.*<=(.*)\s*\[(\d?\d\d\.\d?\d\d\.\d?\d\d\.\d?\d\d).*/ $1 will be the email, and $2 will be the ip.

Just for the record, the standard quantifiers in Perl regular expressions are, indeed, greedy.

They are greedy, but not too clever

my $str = "xaxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
$str =~ /(a+)/;
print "$1\n";
# prints "a" not "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[download]

The quantifiers are greedy, but they refuse to let go of something they found unless forced even if they could get more someplace later.

Jenda
Enoch was right!
Enjoy the last years of Rome.