Suricata/Transparent Firewall Randomly working/not working

Started by xoclutch, August 27, 2020, 01:13:34 PM

I have a pretty basic Transparent Firewall running OPNsense, which I set up using this guide: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

When I enable IPS, it will start alerting to some traffic/test EICAR files, but then will stop working.

It seems to be detecting traffic very rarely, and whenever I update the rule list or change a setting, it stops working, then will randomly alert later.

I have tried every combination of settings/etc trying to get it working. 


Does Suricata work in Transparent Bridge mode?  I am running the latest version of OPNsense.  Any recommendations on special settings that might help correct this strange issue?  Logs look clear, and everything is running fine.  It's just not alerting correctly.  It seems like the more I mess with it, the less it works.

Thanks