Bug #4522
openRules with stream_size greater than not working
Description
With a default configuration, when reading a PCAP, a basic rule trying to detect a tcp session bigger than a specific size with the flow keyword "stream_size" does not behave as expected.
The test PCAP contains a single TCP flow, with more than 5Mb from client to server.
The test rule is alert tcp any any -> any any (msg:"STEAMSIZE"; stream_size:client,>,5000;sid:100001; rev:1;)
The test command line is suricata -c /etc/suricata/suricata.yaml -r ./ldap_session_test.pcap, with the rule file referenced in the suricata.yaml.
The expected behaviour is one alert per packet when the size of the stream from the client to the server gets bigger than 5000 bytes. The current result is no alert triggered.
Alerts are only triggered on the condition stream_size:client,=,1; (or stream_size:client,<,X; with X>1).
In the suricata.yaml, editing the "stream:" parameters and increasing the "depth" parameter to 50mb does not change the behaviour.
Suricata version: 6.0.1, installed via apt on Debian.
Thanks for your help and amazing development! :)
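Before chasing the detection engine, a triager would first confirm the report's premise: that the capture really carries more than 5000 bytes from client to server. The check below is an added example, not Suricata's code or the reporter's; it sums TCP payload bytes per direction in a classic libpcap file (pcapng is not handled) and assumes Ethernet/IPv4 framing, using a constructed three-packet session as input.

```python
import struct
from collections import defaultdict

def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap container (link type 1). Constructed test data only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/TCP frame; checksums left zero, which is fine for offline parsing."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def stream_bytes(pcap):
    """Sum TCP payload bytes per direction, keyed by (src, sport, dst, dport)."""
    # Approximation: Suricata derives stream size from sequence numbers of a
    # tracked session, so retransmitted segments are counted here but not there.
    sizes = defaultdict(int)
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":        # IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                         # TCP only
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_off = (tcp[12] >> 4) * 4
        sizes[(src, sport, dst, dport)] += len(tcp) - data_off
    return dict(sizes)

def client_stream_size(pcap, client, server):
    """Bytes sent from client to server: the figure stream_size:client,>,5000 tests."""
    return sum(n for (s, _, d, _), n in stream_bytes(pcap).items() if s == client and d == server)

# Constructed session: client sends 3000 + 2500 bytes, server replies with 100.
SAMPLE_PCAP = build_pcap([tcp_frame("10.0.0.1", "10.0.0.2", 40000, 389, b"A" * 3000),
                          tcp_frame("10.0.0.2", "10.0.0.1", 389, 40000, b"B" * 100),
                          tcp_frame("10.0.0.1", "10.0.0.2", 40000, 389, b"C" * 2500)])
```

For a real capture, pass the file contents (for example `open("ldap_session_test.pcap", "rb").read()`) and the session's addresses to client_stream_size. It is also worth checking whether the capture includes the three-way handshake, since Suricata's stream engine does not pick up sessions midstream unless stream.midstream is enabled, and an untracked session gives stream keywords nothing to measure.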
Files