Suricata IPS Not Showing Internal Source/Destination IPs – Only Public IP Visible in Alerts

  • Suricata version: 7.0.10
  • Operating system and/or Linux distribution: Ubuntu
  • How you installed Suricata (from source, packages, something else): Source

Currently I am running Suricata in IPS mode. The alerts are not showing the IP of the end device (a specific web server) being attacked; they only show the public IP of the network. Traffic going out of the network also shows the public IP as the source IP, not the specific server IP. I would appreciate assistance with this.

Please supply information about your network deployment showing the location of the servers and whether NAT is used (if it is, please describe how it’s used).