Suricata multiple interfaces
I've set up Suricata on the WAN interface. When an alert happen I don't see what internal address caused the alert. It is not possible to configure Suricata to show the internal (NAT) affected IP instead of the wan IP, because the Suricata process will only see the the traffic as it comes from or is sent to the WAN interface.
The workaround I did was to set up Suricata on the internal interfaces instead, but the problem is that when having many vlans, we have to set up several Suricata processes (one for each interface).
The Suricata config does support several interfaces per process. It would be nice to have this configuration possibility in the pfsense GUI.