Suricata IPS Not Showing Internal Source/Destination IPs – Only Public IP Visible in Alerts

Pulasthi91 · June 5, 2025, 6:23pm

Suricata version :7.0.10

Operating system and/or Linux distribution :Ubuntu

How you installed Suricata (from source, packages, something else): Source

Currently I am running Suricata in IPS mode. Currently alerts not showing end device IP (specific webserver) getting attack, it is only showing the public IP of the network. Also the traffic going out of the network also showing as public IP as source IP, not showing the specific server IP. Appreciate assistance on this.

Jeff_Lucovsky · June 6, 2025, 12:05pm

Please supply information about your network deployment showing the location of the servers and whether NAT is used (if it is, please describe how it’s used)