Relationship between custom protocol analyzer and weird log

Hi all,

I am experiencing a strange behaviour in BRO that I am not able to
troubleshoot autonomously.
I developed a simple binary protocol analyzer that produces a log file
of type prot1.log.

If I run bro offline on a dedicated pcap it correctly outputs prot1.log
with the proper record.
If I run bro sniffing on an interface and I tcpreplay the pcap on the
sniffed interface I get weird.log with SYN_inside_connection warning.

Is weird preemting the application of my analyzer?

many thanks in advance,
Valerio