https://datafeed.emergingthreatspro.com/qa_pcaps/
from the above site we have alerts(pcaps) downloaded into host1 from which we are sending(tcpreplay) the packets out to host2 where suricata is listening for packets on an interface say ids.Saw various alerts generated by suricata under the path /va/log/suricata/eve_**.json.
We tried sending alert pcaps continuously using a script for 2 days at a particular point of time we saw suricata is not detecting any alerts, but after restarting the daemon we were able to see the alerts generated.
What could have caused the issue here ?
is there any parameter in suricata.yaml that we can tune to overcome the issue ?
Kindly do help.
Note: suricata.yaml can be found from Suricata consuming high memory