Upgraded Suricata from 5.0.3 to 5.0.4. Signatures stopped triggering. But still getting network events in eve.json. What could be causing signatures to not trigger? What should I look for?
Can you share the details of which signatures have stopped triggering?
It was all signatures not functioning affter the upgrade from 5.0.3 to 5.0.4. Last night we had to wipe out the production instance of Suricata and totally reinstall 5.0.4 from scratch. We used the original yaml files after reinstalling Suricata and was able to get Suricata working again. Not sure what caused the problem when upgrading over the top of 5.0.3. Never had a problem like that before.