Suricata not showing logs from windows

I have 3 VMs. Windows Server 2012, Linux and pfSense. pfSense serves as DHCP and Router/Network Interface. Windows and Linux have been assigned static IPs on the same network interface and subnet from pfSense. I have Suricata installed on Linux and when I run Red Team attacks on Linux, Suricata logs an alert in the fast.log and eve.json files. When I run similar commands on Windows Server (that should trigger an alert), Suricata doesn’t log alerts. I don’t know if it means Suricata can only monitor traffic on the Kali since its where it is installed and it can’t monitor Windows. For clarity

Linux IP:
Windows Server IP:
Gateway IP:

Can someone help me please? I have struggled with this issue and would appreciate some help.

From your description, I’m assuming that the traffic to the Windows server isn’t being received on the Linux system where Suricata is running.

Suricata receives packets from specific NICs; you can use tcpdump against those NICs to see if the Linux system receives packets destined for other machines.

My guess is that this is the problem.