I’ve noticed that in your rule you have alert udp if you change that to alert sip, does the alert show?
You could also try to get one of the sip tests in our suricata-verify framework and see if those run, so we could try to understand if this is an issue with Suri as a whole, with the pcap or with the rule you’re trying to match on.
Thanks for adding this info. I digged a bit and from my tests you should be able to inform Suricata on which ports you’d like it to inspect, for SIP. In order to do that, on the suricata.yaml configuration file, go to the sip section under the app-layer one, and then you can edit it to look something like this, but adjusting to your needs: