+void OS_CustomLog(const Eventinfo *lf, const char *format)
+{
+ char *log;
+ char *tmp_log;
+ char tmp_buffer[1024];
+
+ /* Replace all the tokens */
+ os_strdup(format, log);
+
+ snprintf(tmp_buffer, 1024, "%ld", (long int)lf->time);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_TIMESTAMP], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+ snprintf(tmp_buffer, 1024, "%ld", __crt_ftell);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FTELL], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", (lf->generated_rule->alert_opts & DO_MAILALERT) ? "mail " : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->hostname ? lf->hostname : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_HOSTNAME], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->location ? lf->location : "None");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LOCATION], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->sigid);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ID], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->level);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_LEVEL], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->srcip ? lf->srcip : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_SRC_IP], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->dstuser ? lf->dstuser : "None");