Hello, of course, there are different ways to solve this, i like the perl approach. Only since i myself am not all that familiar with the language, i'd like to add 2 pointers: (M)AWK scripting language can do similar things (read syslog once, loop over regular expressions and output anything you want about it). But if you can live with calling egrep repeatedly, i would suggest GNU parallel, which works similar to xargs, only a much enhanced version of it, using sevral cores in parallel by default but also handling the commandline in a much improved way (special syntax, so to speak). It allows coding your request as a one-liner, i am certain, but probably not as effective, as perl or awk would have been. BTW: GNU parallel is in debian repos, but a quite outdated version of it.
Have fun, DdB
