Syslog events (UDP-based messages) from a Cisco IPS appliance are only high level system status messages (server up, signature update applied etc.).

Actual intrusion events are only exported via the more reliable tcp-based SDEE. For that you use a client such as Cisco IPS Manager Express (for small deployments) or Cisco Security Manager (enterprise class tool).