Sunday, April 27, 2008

Snort alert log parser

This script opens /var/log/snort/alert, grabs the header line of each alert entry, stores the rule messages in a hash, and displays how many times each alert occurred.
For example:

Attack: INFO web bug 0x0 gif attempt - Hits: 23


#!/usr/bin/perl -w
use strict;

# Sample header line this script matches:
#[**] [1:2925:3] INFO web bug 0x0 gif attempt [**]

my %h = ();

# sort comparator: most hits first
sub desc {
    $h{$b} <=> $h{$a};
}

open(my $fh, '<', '/var/log/snort/alert') or die "$!";
while (<$fh>) {
    # capture the rule message between the [gid:sid:rev] tag and the closing [**]
    if (/^\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(.*?)\s+\[\*\*\]/) {
        $h{$1}++;
    }
}
close($fh);

foreach my $line (sort desc (keys %h)) {
    print "Attack: $line - Hits: $h{$line}\n";
}
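As an added example (not the original script), the same tally extended to the rest of each full-mode alert record: the key includes the gid:sid:rev tag so renamed rules are not merged, and the classification and timestamp lines give a per-priority count and the top source address per signature. The sample records under __DATA__ are constructed, not real alerts.

```perl
#!/usr/bin/perl
use strict;
use warnings;
# Parse Snort "full" alert records (header, classification/priority, timestamp and
# endpoints) from a filehandle; returns hashrefs keyed by signature and by priority.
sub parse_alerts {
    my ($fh) = @_;
    my (%by_sig, %by_prio);
    my $current;                       # signature of the record being read
    while (my $line = <$fh>) {
        chomp $line;
        # Header: [**] [gid:sid:rev] message [**]
        if ($line =~ /^\[\*\*\]\s+\[(\d+:\d+:\d+)\]\s+(.*?)\s+\[\*\*\]/) {
            $current = "$1 $2";
            $by_sig{$current}{hits}++;
            next;
        }
        next unless defined $current;  # skip anything before the first header
        # Classification line: [Classification: ...] [Priority: N]
        if ($line =~ /\[Priority:\s*(\d+)\]/) {
            $by_prio{$1}++;
            next;
        }
        # Endpoint line: MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]
        if ($line =~ /^\d\d\/\d\d-\S+\s+([\d.]+)(?::\d+)?\s+->/) {
            $by_sig{$current}{src}{$1}++;
        }
    }
    return (\%by_sig, \%by_prio);
}

# Run against the constructed sample records below (not real traffic).
my ($sigs, $prios) = parse_alerts(\*DATA);
for my $sig (sort { $sigs->{$b}{hits} <=> $sigs->{$a}{hits} } keys %$sigs) {
    my $src = $sigs->{$sig}{src} || {};
    my ($top) = sort { $src->{$b} <=> $src->{$a} } keys %$src;
    printf "Attack: %s - Hits: %d (top source %s)\n", $sig, $sigs->{$sig}{hits}, $top // 'n/a';
}
printf "Priority %s: %d\n", $_, $prios->{$_} for sort keys %$prios;
__DATA__
[**] [1:2925:3] INFO web bug 0x0 gif attempt [**]
[Classification: Misc activity] [Priority: 3]
04/27-10:01:02.000001 192.0.2.10:51234 -> 198.51.100.5:80
[**] [1:2925:3] INFO web bug 0x0 gif attempt [**]
[Classification: Misc activity] [Priority: 3]
04/27-10:01:05.000002 192.0.2.10:51240 -> 198.51.100.5:80
[**] [1:1000001:1] LOCAL example signature [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/27-10:02:00.000003 192.0.2.20:40000 -> 198.51.100.5:22
```

Pointing parse_alerts() at /var/log/snort/alert instead of DATA gives the same per-signature report as the script above, plus the priority breakdown.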
