http eve log data source/dest flip
We started seeing some of our http traffic source and destination data
As far as we can tell it appears to happen when a client is going to
port 443/ssl traffic through our proxies.
flow data source and destination are correct so it appears to maybe be
related to http parsing.
Attached are the suricata build information, json log data and pcap.