Regex to match IPv4 Addresses in log files

I need to be able to find and replace sensitive data like IP addresses in log files so that I can send them to a vendor for technical support.

The trouble is that the log files also contain version numbers that look like ip addresses but with extra digits.

The regex I've got so far picks up IP addresses just fine:

(((25[0-5]){1,3}|(2[0-4]|(1\d|[1-9]|)\d)){1,3}\.?){4}

Trouble is that it also picks up things like version numbers so it also matches things like 1555.2655.3255.1594

I thought that using {1,3} would limit it to a max of 3 digits but it isn't working like that.

I'm using Powershell to parse the files and below is a mock up of the type of formatting I'm dealing with:

test 127.1.1.1test test 10.0.0.1 test test 172.28.69.77test test 15.26.32.159 test test 15.26.32.1594test test 1.26.3255.1594test test 1555.2655.3255.1594test 255.255.255.192 256.255.255.0 999.999.999.999

This might work for you.

(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

If the IPs can even be adjacent to letters in some text, set boundaries with negative lookarounds. E.g. (?<![\d.]) for not preceded by a digit or dot and after it (?![\d.]) for not followed by.

(?<![\d.])(?:(?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5])(?![\d.])

See this demo at regex101

If the IPs are separated by whitespace, the pattern can be shortened to:

(?<!\S)(?:(?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.?\b){4}(?!\S)

Another demo at regex101

The method here to make the pattern shorter is the use of an optional dot \.? and force it by use of a word boundary \b after each of the {4} repititions (even at the end). In the first scenario this technique can't be used because because e.g. in 1.2.3.4abc there is no word boundary after the IP.

The relevant part from the IP-pattern (?:[1-9]?\d|1\d\d|2[0-4]\d|25[0-5]) to match 0-255 derives from a regex for range online generator (a bit shortened). There is one at Stack Overflow as well.