+ snprintf(tmp_buffer, 1024, "%s", (lf->generated_rule->alert_opts & DO_MAILALERT) ? "mail " : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ALERT_OPTIONS], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->hostname ? lf->hostname : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_HOSTNAME], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->location ? lf->location : "None");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_LOCATION], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->sigid);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_ID], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%d", lf->generated_rule->level);
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_LEVEL], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->srcip ? lf->srcip : "None");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_SRC_IP], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->dstuser ? lf->dstuser : "None");
+
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_DST_USER], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+ char *escaped_log;
+ escaped_log = escape_newlines(lf->full_log);
+
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG], escaped_log );
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ if (escaped_log) {
+ os_free(escaped_log);
+ escaped_log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->generated_rule->comment ? lf->generated_rule->comment : "");
+ tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_COMMENT], tmp_buffer);
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ snprintf(tmp_buffer, 1024, "%s", lf->generated_rule->group ? lf->generated_rule->group : "");
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_GROUP], tmp_buffer);
+ if (tmp_log) {
+ os_free(tmp_log);
+ tmp_log = NULL;
+ }
+
+ fprintf(_aflog, "%s", log);
+ fprintf(_aflog, "\n");
+ fflush(_aflog);
+
+ if (log) {
+ os_free(log);
+ log = NULL;
+ }
+
+ return;
+}