Bug #5165
openhttp: request not logged when response comes before request
Description
Hi,
In a TCP session, if the request is seen after the response, Suricata (at least the logging part) doesn't consider the request. We only get the response log.
In the attached pcap,
1. Packets 1-2-3 establish session
2. Response packet 4
3. Request at 6
4. TCP session close at 8-9-10
Suricata logging doesn't include the request, and we see the logs below.
{"timestamp":"2022-02-28T03:46:25.436228+0000","flow_id":1097925804505446,"in_iface":"wlp2s0b1","event_type":"http","src_ip":"192.168.0.105","src_port":55758,"dest_ip":"192.168.0.114","dest_port":8090,"proto":"6","tx_id":0,"http":{"http_port":0,"url":"/libhtp::request_uri_not_seen","http_content_type":"application/json","status":200,"length":0,"request_headers":[],"response_headers":[{"name":"Content-Type","value":"application/json; charset=utf-8"},{"name":"Date","value":"Mon, 28 Feb 2022 03:10:38 GMT"},{"name":"Content-Length","value":"0"}]}}
Have tried with no change in behavior,
1. midstream = true
2. async-oneside = true
Is there any other config to consider, or is this a genuine bug/limitation?
Regards
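
One way to find transactions affected by this behaviour in an existing `eve.json`, as an added example that is not part of the original report or of Suricata's own code. It keys on the placeholder `url` and empty `request_headers` visible in the log above; the sample events and the function names are constructed for illustration, and the absence of `http_method` as a second signal is an assumption.

```python
import json

# Placeholder URL that appears in the log on this page when no request was parsed.
PLACEHOLDER_URL = "/libhtp::request_uri_not_seen"

# Constructed sample EVE lines (not taken from the attached pcap).
SAMPLE_EVE = "\n".join([
    json.dumps({"flow_id": 1001, "event_type": "http", "tx_id": 0,
                "http": {"http_method": "GET", "url": "/api/status", "status": 200,
                         "request_headers": [{"name": "Host", "value": "example.test"}]}}),
    json.dumps({"flow_id": 1002, "event_type": "http", "tx_id": 0,
                "http": {"http_port": 0, "url": PLACEHOLDER_URL, "status": 200,
                         "length": 0, "request_headers": []}}),
    json.dumps({"flow_id": 1002, "event_type": "flow"}),
    '{"flow_id": 1003, "event_type": "http", "http": {"url": "/trunc',  # cut-off line
])

def is_response_only(event):
    """True for an http event that carries a response but no parsed request."""
    if event.get("event_type") != "http":
        return False
    http = event.get("http", {})
    return (http.get("url") == PLACEHOLDER_URL
            and not http.get("request_headers")   # empty or absent
            and "http_method" not in http         # assumption: no method logged
            and "status" in http)                 # a response was seen

def find_response_only(lines):
    """Return flow_id/tx_id/status for each response-only transaction."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partially written or corrupt lines
        if is_response_only(event):
            hits.append({"flow_id": event.get("flow_id"),
                         "tx_id": event.get("tx_id"),
                         "status": event["http"]["status"]})
    return hits

if __name__ == "__main__":
    for hit in find_response_only(SAMPLE_EVE.splitlines()):
        print(hit)
```
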