Whats in your # syslog entry in your snort.conf? It should look something similar to the following.
output alert_syslog: 1.1.1.1:514, LOG_AUTH LOG_ALERT. We have ours going to user.log
You also want to make sure your running snort with the -s flag. Which will allow it to be sent to a syslog.
You would also then set up a connector on the appliance to log to your facility.
