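// Parses firewall-filter syslog lines tagged PFE_FW_SYSLOG_ETH* (the samples
// look like Junos PFE output - confirm against the device that emits them)
// into named fields: filter, src_interface, action, transport, src, dst,
// src_port, dest_port.
//
// Fix: the IPv6 alternatives of src and dst used to end in `$`. With /m that
// demanded an end-of-line immediately after the address, so a line carrying
// IPv6 addresses could never match and was dropped without any signal.
//
// Caveats for anyone feeding this into detection or alerting:
//  - Only the full eight-group IPv6 form is recognised; compressed (`::`)
//    addresses still do not match. Count the lines that fail to match
//    instead of assuming full coverage.
//  - \d{1,3} does not range-check octets (999.1.1.1 passes). Validate with
//    filter_var($ip, FILTER_VALIDATE_IP) before acting on an address.
//  - For icmp rows the two trailing numbers are captured as src_port and
//    dest_port; presumably they are ICMP type/code rather than ports - verify.
//  - Every captured field is attacker-influenced log data; escape it for the
//    output context before rendering it anywhere other than a console.
$ipv4 = '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
$ipv6 = '(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}';

$re = '/\s(?<filter>PFE_FW_SYSLOG_ETH.*:)\sFW:\s(?<src_interface>[^ ]+)\s+(?<action>\w+).*(?<transport>tcp|udp|icmp)'
    // The unnamed group around the IPv4 branch is kept so the numeric group
    // indexes in $matches stay exactly as they were.
    . '\s(?<src>(' . $ipv4 . ')|' . $ipv6 . ')'
    . '\s(?<dst>' . $ipv4 . '|' . $ipv6 . ')'
    . '\s+(?<src_port>[^ ]+)\s+(?<dest_port>[^ ]+)\s+/m';

// Sample input: three log lines, one per physical line of the string.
$str = 'Aug 2 09:16:37 10.10.10.10 Aug 2 09:16:37 externals-cl fpc1 PFE_FW_SYSLOG_ETH_IP: FW: xe-1/0/0.0 D 0800 34:62:5a:74:8f:c3 -> 64:b2:9a:7e:1b:4a tcp 184.154.189.91 10.1.1.1 41860 465 (1 packets)
Aug 2 09:23:13 10.10.10.10 Aug 2 09:23:13 externals-fq fpc0 PFE_FW_SYSLOG_ETH_IP: FW: xe-0/0/0.447 D 03af:0700 a6:e7:f2:2e:13:c7 -> 72:a3:9c:3a:22:00 icmp 185.176.27.46 10.1.1.1 44927 53389 (1 packets)
Aug 2 10:00:42 10.10.10.10 Aug 2 10:00:42 externals-fq fpc2 PFE_FW_SYSLOG_ETH_IP: FW: et-2/1/0.716 D 02cc:0800 52:a2:2f:7a:1d:5a -> 84:c9:2b:9e:24:e6 icmp 10.1.1.2 10.1.1.1 3 3 (1 packets)';

// preg_match_all() returns false on a PCRE failure (for example a backtrack
// limit hit on a hostile line). Treating that as "no matches" would hide
// dropped events, so fail loudly instead.
if (preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0) === false) {
    throw new RuntimeException('preg_match_all failed, PCRE error code ' . preg_last_error());
}

// Print the entire match result
var_dump($matches);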
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php