Hey, I think it's a great move on your part to install snort. I don't know exactly why you're only seeing SNMP alerts in the log as I don't have a huge amount of experience with snort....
For starters, though, I'd recommend shutting it down and starting it with this syntax-
/usr/sbin/snort -U -d -D -c /etc/snort/snort.conf
Those are the arguments that webmin starts it with for me. If you depend on Webmin like me, you might want to download the Snort webmin module from
www.snort.org... it's in the downloads section of their site.
Also, I don't know how recent your rules sets are because you didn't say where you got snort from. I'd recommend downloading the most current rules sets and untar them in /usr/lib/snort/rules or wherever your install has the rules sets. They update these things several times a day.
Make sure the snort.conf file is pointing to your rules directory. I don't think it starts, though, if it doesn't.
Initially, you'll find a lot of bullcrap alerts for stuff that doesn't relate to your install. Like I'm on a Mandrake box and snort was telling me about every Nimda attack. You will be able to suppress these annoyances by examining the ID number of the attack type, then editing the matching rules set and commenting out that line.
I hope I'm not bogging you down with stuff you already know... But before I finish, I'd also recommend that you look at installing ACID. It's a VERY useful reporting tool for Snort. It allows you to have Snort send all alerts to a mysql database and then gives you a php-driven web app that can display the alert info in every useful view you'll need. Like I mostly just check the 15 most recent attack types on there. You can find out about ACID over at
www.freshmeat.net
good luck,
di11rod