- char *log;
- char *tmp_log;
- char tmp_buffer[1024];
- //Replace all the tokens:
- os_strdup(format,log);
-
- snprintf(tmp_buffer, 1024, "%d", lf->time);
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_TIMESTAMP], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
- snprintf(tmp_buffer, 1024, "%ld", __crt_ftell);
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FTELL], tmp_buffer);
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
-
- snprintf(tmp_buffer, 1024, "%s", (lf->generated_rule->alert_opts & DO_MAILALERT)?"mail " : "");
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
-
-
- snprintf(tmp_buffer, 1024, "%s",lf->hostname?lf->hostname:"None");
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_HOSTNAME], tmp_buffer);
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%s",lf->location?lf->location:"None");
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LOCATION], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
-
-
- snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->sigid);
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ID], tmp_buffer);
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->level);
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_LEVEL], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%s",lf->srcip?lf->srcip:"None");
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_SRC_IP], tmp_buffer);
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%s",lf->srcuser?lf->srcuser:"None");
-
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_DST_USER], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
- char * escaped_log;
- escaped_log = escape_newlines(lf->full_log);
-
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG],escaped_log );
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
- if(escaped_log)
- {
- os_free(escaped_log);
- escaped_log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%s",lf->generated_rule->comment?lf->generated_rule->comment:"");
- tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_COMMENT], tmp_buffer);
- if(log)
- {
- os_free(log);
- log=NULL;
- }
-
- snprintf(tmp_buffer, 1024, "%s",lf->generated_rule->group?lf->generated_rule->group:"");
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_GROUP], tmp_buffer);
- if (tmp_log)
- {
- os_free(tmp_log);
- tmp_log=NULL;
- }
-
-
- fprintf(_aflog,"%s",log);
- fprintf(_aflog,"\n");
- fflush(_aflog);
-
- if(log)
- {
- os_free(log);
- log=NULL;
- }
-
- return;
+ char *log;
+ char *tmp_log;
+ char tmp_buffer[1024];
+
+ /* Replace all the tokens */
+ os_strdup(format, log);
+
+ snprintf(tmp_buffer, 1024, "%ld", (long int)lf->time);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_TIMESTAMP], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+ snprintf(tmp_buffer, 1024, "%ld", __crt_ftell);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FTELL], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", (lf->generated_rule->alert_opts & DO_MAILALERT) ? "mail " : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->hostname ? lf->hostname : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_HOSTNAME], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->location ? lf->location : "None");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LOCATION], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->sigid);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ID], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->level);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_LEVEL], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->srcip ? lf->srcip : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_SRC_IP], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->dstuser ? lf->dstuser : "None");
+
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_DST_USER], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+ char *escaped_log;
+ escaped_log = escape_newlines(lf->full_log);
+
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG], escaped_log );
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ if (escaped_log) {
+ os_free(escaped_log);
+ escaped_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->generated_rule->comment ? lf->generated_rule->comment : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_COMMENT], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->generated_rule->group ? lf->generated_rule->group : "");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_GROUP], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ fprintf(_aflog, "%s", log);
+ fprintf(_aflog, "\n");
+ fflush(_aflog);
+
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ return;
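Review bot: In the new body only `lf->full_log` goes through `escape_newlines()` before substitution; `lf->hostname`, `lf->location`, `lf->srcip` and `lf->dstuser` are formatted into `tmp_buffer` and reach `_aflog` unchanged. If any of them can carry a line break (where they are populated is not visible here), one alert could be written as what looks like several records in a log that is meant to be one line per alert. I would pass those fields through the same helper, e.g. `char *esc = escape_newlines(lf->srcip ? lf->srcip : "None");`, hand `esc` to `searchAndReplace()` instead of `tmp_buffer`, and free it afterwards as is done for `escaped_log`. Separately, the `if (log)` / `if (tmp_log)` tests suggest `searchAndReplace()` can return NULL, yet each result is fed straight into the next call and `fprintf(_aflog, "%s", log)` runs before the last `if (log)`; a guard such as `if (!log) return;` ahead of the write would turn a failed substitution into a skipped line. The function's signature and closing brace are outside the hunk, so this is based on the body alone.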