snort alert ip source/Dest changed

[kinomakino <kinomakino () hotmail com>]

As always, thanks for reading 
I have a problem with an installation of Snort and IP source / destination
alerts. 

The problem is that it changes the source IP to the destination, and vice
versa. 
I think it's been since I've activated "k none", but if not active, detects
almost no traffic, just a few rules. 
I have to say it's a VPS with a nic (eth2) and an alias (eth2: 1). 
Both IP's are public, but the web server listens on the IP of eth2: 1. 
Thanks for everything. 

My snort command is: 
./snort --daq --daq pcap-mode passive -i d eth2: 1 c u snort snort -g
/etc/snort/snort.conf l / var / log / snort k none

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!