IDS Log to Syslog

Okay, so I had a look through the code for the remote syslog assignment and as far as I can see it just adds the hostname for the remote syslog to get the logging information.

I then looked at the /var/log directory.

There is Suricata data in the /var/log/messages file but that seems to only contain error codes about flowbits being checked but not set. This log data is what gets shown in the System Logs menu when Intrusion Prevention is selected from the drop-down box.

The IPS logs from the intrusion evaluation against the rules are in /var/log/suricata/fast.log which is the source of what is shown on the Logs - IPS Logs WUI menu which you showed.

It looks to me like the logs that are going into the messages file are the ones being sent to the remote syslog, but not the logs going into the fast.log file.
I have not read the code enough yet to be sure of this, and there are some programs written in C which I am totally unfamiliar with, but I have the suspicion that the stuff going to the fast.log file is not getting sent to the defined remote syslog.

I will try and look at it more but maybe others are better able to review the code for this.

This would then sound like a bug if my above findings and interpretation are correct.

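As an added illustration of the gap described in the post (not code from the post, and not part of IPFire or Suricata), the script below parses lines in Suricata's fast.log format and hands each alert to a sender callable, which can be a remote syslog handler. It assumes the standard fast.log layout (`timestamp  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port`), IPv4 addresses or bracketed IPv6 so that the last colon separates the port, and a remote syslog server reachable over UDP port 514; the sample lines and the `syslog.example.invalid` hostname are constructed placeholders.

```python
"""Forward Suricata fast.log alerts to a remote syslog server.

Added example: parses the fast.log alert format and ships each parsed
alert through a sender callable. The sample lines below are constructed
and use a local SID range; they are not real rule hits.
"""
import logging
import logging.handlers
import re
from typing import Callable, Dict, Iterable, Optional, Tuple

# One fast.log alert per line, e.g.
# 03/01/2024-10:15:30.123456  [**] [1:1000001:1] Msg [**] [Classification: X] \
#   [Priority: 2] {TCP} 10.0.0.5:44321 -> 203.0.113.9:80
# The Classification block is absent when a rule has no classtype.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample input (not captured from a real sensor).
SAMPLE_FAST_LOG_LINES = [
    "03/01/2024-10:15:30.123456  [**] [1:1000001:1] CONSTRUCTED test rule hit "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "10.0.0.5:44321 -> 203.0.113.9:80",
    "03/01/2024-10:15:31.000001  [**] [1:1000002:3] CONSTRUCTED rule without "
    "classtype [**] [Priority: 3] {UDP} 10.0.0.7:5353 -> 224.0.0.251:5353",
]


def _split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'ip:port' on the last colon (works for IPv4 and [IPv6]:port)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), int(port)


def parse_fast_log_line(line: str) -> Optional[Dict[str, object]]:
    """Return a structured alert dict, or None if the line is not a fast.log alert."""
    match = FAST_LOG_RE.match(line.rstrip("\n"))
    if match is None:
        return None
    src_ip, src_port = _split_endpoint(match.group("src"))
    dst_ip, dst_port = _split_endpoint(match.group("dst"))
    return {
        "ts": match.group("ts"),
        "gid": int(match.group("gid")),
        "sid": int(match.group("sid")),
        "rev": int(match.group("rev")),
        "msg": match.group("msg"),
        "classification": match.group("classification"),  # None if absent
        "priority": int(match.group("priority")),
        "proto": match.group("proto"),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_ip": dst_ip,
        "dst_port": dst_port,
    }


def format_for_syslog(event: Dict[str, object]) -> str:
    """Render a parsed alert as a single key=value syslog message body."""
    classification = event["classification"] or "none"
    return (
        f"suricata-fast: sid={event['sid']} rev={event['rev']} "
        f"prio={event['priority']} proto={event['proto']} "
        f"src={event['src_ip']}:{event['src_port']} "
        f"dst={event['dst_ip']}:{event['dst_port']} "
        f"class=\"{classification}\" msg=\"{event['msg']}\""
    )


def forward_fast_log(lines: Iterable[str], send: Callable[[str], None]) -> Tuple[int, int]:
    """Parse and forward every alert line; return (forwarded, skipped) counts.

    Lines that do not parse are counted as skipped rather than dropped silently,
    so a format change in Suricata shows up as a rising skip count.
    """
    forwarded = skipped = 0
    for line in lines:
        event = parse_fast_log_line(line)
        if event is None:
            skipped += 1
            continue
        send(format_for_syslog(event))
        forwarded += 1
    return forwarded, skipped


def make_syslog_sender(host: str, port: int = 514) -> Callable[[str], None]:
    """Build a sender that ships messages to a remote syslog server over UDP (facility local0)."""
    logger = logging.getLogger("suricata-fast-forwarder")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.handlers.SysLogHandler(
        address=(host, port), facility=logging.handlers.SysLogHandler.LOG_LOCAL0
    )
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    return logger.info


if __name__ == "__main__":
    # Offline demo: print instead of sending. To forward for real, replace
    # `print` with make_syslog_sender("syslog.example.invalid") (placeholder host)
    # and feed the lines from open("/var/log/suricata/fast.log").
    counts = forward_fast_log(SAMPLE_FAST_LOG_LINES + ["not an alert line"], print)
    print(f"forwarded={counts[0]} skipped={counts[1]}")
```

In a deployment this would run as a long-lived tail of fast.log rather than a one-shot pass, and the skip count is worth alerting on: if Suricata's output format changes, the forwarder keeps running but stops delivering alerts, which is exactly the silent gap the post is worried about.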