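#!/usr/bin/perl
# Print every entry whose program tag is 'rsyslogd' from /var/log/syslog*
# (plain files and gzip-compressed rotations) as Data::Dumper structures.
use strict;
use warnings;
use HTTP::Date;    # VERY likely to be installed, since it's a dependency of CPAN and LWP
use Data::Dumper;

# Syslog text is supplied by whatever process wrote the message, so treat it
# as untrusted. Useqq makes Dumper emit control bytes as backslash escapes
# instead of writing them raw to the terminal; Sortkeys gives a stable key
# order so two runs can be diffed.
local $Data::Dumper::Useqq    = 1;
local $Data::Dumper::Sortkeys = 1;

# Highest rotation number first; the unnumbered live file (firstnum == 0)
# comes last. Presumably that is oldest-to-newest under logrotate-style
# numbering -- confirm against the host's rotation scheme.
foreach my $syslog (sort { firstnum($b) <=> firstnum($a) } glob '/var/log/syslog*') {
    my $fin;
    if ($syslog =~ /\.gz$/) {
        # List-form pipe open: the file name reaches gzip as one argument and
        # never passes through a shell.
        open $fin, '-|', 'gzip', '-dc', $syslog or die "gzip -dc $syslog: $!";
    }
    else {
        open $fin, '<', $syslog or die "open $syslog: $!";
    }

    while (my $line = <$fin>) {
        my $parsed = parse_syslog_line($line) or next;    # skip unparseable lines
        my %entry  = %{$parsed};

        # The program tag is whatever the sender put in the message; a match
        # here does not by itself prove the line came from the rsyslog daemon.
        next unless $entry{program} eq 'rsyslogd';

        # Move a leading "[...]" group out of the text into its own field.
        if ($entry{text} =~ s/^(\[.*?\])\s*//) {
            $entry{origin} = $1;
        }
        print Dumper \%entry;
    }

    # For a pipe, close() is where a non-zero gzip exit surfaces ($! is 0 and
    # $? holds the wait status). Without this check a truncated or corrupt
    # archive would be read as if it were complete. Warn rather than die so
    # the remaining files are still processed.
    close $fin
        or warn $! ? "close $syslog: $!\n"
                   : "gzip -dc $syslog exited with wait status $?\n";
}

# Parse one line of text from /var/log/syslog.
#
# Returns a hash reference with the keys date_human, date, host, program,
# pid, text and line, or nothing (false) when the line does not match.
# pid is undef when the line carries no "[pid]" suffix. line is the
# unmodified input.
sub parse_syslog_line {
    my ($line) = @_;

    # see full regexp at Parse::Syslog::_next_syslog()
    my ($stamp, $host, $program, $pid, $text) =
        $line =~ /^(\S{3}\s+\d+\s\S+)\s+([-\w\.\@:]+)\s+([^:]+?)(?:\[(\d+)\])?:\s+(.*)/
        or return;

    return {
        date_human => $stamp,
        # NOTE(review): the captured timestamp has no year or time zone, so
        # str2time has to infer both -- confirm the result is what you expect
        # before correlating these epochs with other sources.
        date    => str2time($stamp),
        host    => $host,
        program => $program,
        pid     => $pid,
        text    => $text,
        line    => $line,
    };
}

# Extract the first run of digits found within a string; 0 when there is none.
sub firstnum {
    my ($text) = @_;
    my ($num) = $text =~ /(\d+)/;
    return $num || 0;
}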