Hello all,
Part of my job is finding people who download files illegally, and I get a few hundred to a few thousand emails a day regarding this. I've been trying to build an automatic script for a while on this, but am running into problems grabbing an IP address and timestamp from a variety of different formats on emails. Any suggestions on how to grab information from an email that changes depending on who is sending it?
Sometimes the information looks like:
Timestamp: 2015-03-18 21:50:13 North American Eastern Time Unauthorized IP Address: 184.177.x.x
Other times the information might be like: (I need to grab the first IP, but not the second)
2015-03-17 19:54:16.589158 IP (tos 0x0, ttl 241, id 40294, offset 0, flags [none], proto UDP (17), length 1427) 66.210.x.x.161 > 31.186.x.x.3389: UDP, length 1399
And other times, it might be:
> <TimeStamp>2015-03-28T19:30:11.23Z</TimeStamp> > <IP_Address>67.202.x.x</IP_Address>
I have written code that can grab IP from a specific format, but I'd like to make a universal that can find the information no matter what it is surrounded by, rather than having to put in new code each time I get a new format.