That log file is not getting written to. The suricata log info is being sent to
/var/log/suricata/fast.log
So the question is how to get fast.log sent to the syslog. This has been raised before and a bug has been raised for it.
https://bugzilla.ipfire.org/show_bug.cgi?id=12960
The previous thread had no suggestions for how to fix it other than my code investigation attempts.
https://community.ipfire.org/t/ids-log-to-syslog/8777
Availability of the best core developer to support that is limited at the moment.
If there is anyone else able to figure out how to link the fast.log files to syslog within IPFire then their input would be welcomed.
Also if anyone is willing to pick up the bug and work on it, I would encourage them to do so.