I’m running latest Suricata on CentOS 7, capturing w/ AF-PACKET. All of a sudden Suricata seems to be writing logs to /var/log/messages.
tail /var/log/messages
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230003:1] SURICATA TLS invalid handshake message [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 52.8.126.234:443 → {HOME_NET}:49778
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230010:1] SURICATA TLS invalid record/traffic [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 52.8.126.234:443 → {HOME_NET}:49778
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230003:1] SURICATA TLS invalid handshake message [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 104.244.36.20:443 → {HOME_NET}:55098
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230010:1] SURICATA TLS invalid record/traffic [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 104.244.36.20:443 → {HOME_NET}:55098
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230003:1] SURICATA TLS invalid handshake message [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} {HOME_NET}:55098 → 104.244.36.20:443
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230010:1] SURICATA TLS invalid record/traffic [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} {HOME_NET}:55098 → 104.244.36.20:443
Sep 29 15:47:14 {SURI} snort[6967]: [1:2028371:2] ET JA3 Hash - Possible Malware - Fake Firefox Font Update [Classification: Unknown Traffic] [Priority: 3] {TCP} {HOME_NET}:4375 → 54.224.241.105:443
Sep 29 15:47:14 {SURI} snort[6967]: [1:2101616:9] GPL DNS named version attempt [Classification: Attempted Information Leak] [Priority: 2] {UDP} 104.244.79.213:58284 → {HOME_NET}:53
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230003:1] SURICATA TLS invalid handshake message [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} {HOME_NET}:63406 → 104.19.223.81:443
Sep 29 15:47:14 {SURI} snort[6967]: [1:2230010:1] SURICATA TLS invalid record/traffic [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} {HOME_NET}:63406 → 104.19.223.81:443
First off, are these entries any different from what is being sent to eve.json? Second, how do I stop Suricata from sending anything to /var/log/messages?
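Added example, not part of the original post: the lines shown above are in Suricata's fast.log alert format with the program name `snort`, which is what the `syslog` alert output in suricata.yaml produces (it sends each alert to the local syslog daemon, and on CentOS 7 rsyslog routes it into /var/log/messages). They carry a subset of what eve.json already records for the same alert (sid, msg, classification, priority, proto, source and destination; eve.json adds flow_id, timestamp with microseconds, and app-layer fields), so nothing is lost by turning the syslog output off. The fragment below assumes a facility of `local5`, which is the shipped default; the identity value is there only because it matches the `snort` tag in the post.

```yaml
# suricata.yaml, inside the "outputs:" list (other outputs such as eve-log,
# fast and stats are unchanged and omitted here).
outputs:
  - syslog:
      # Was "yes" on this box: that is the setting that pushes every alert,
      # in fast.log format, into /var/log/messages via rsyslog.
      enabled: no
      # Reported program name in syslog; "snort" matches the post's lines.
      # Kept commented out so the default (the running binary's name) applies.
      #identity: "snort"
      # Assumed facility: the shipped default; any facility that rsyslog
      # routes to /var/log/messages would have produced the same effect.
      facility: local5
      # Possible levels: Emergency, Alert, Critical, Error, Warning,
      # Notice, Info, Debug
      #level: Info
```

Output configuration is read at startup, so restart the Suricata service after editing suricata.yaml (a rules reload alone does not re-read the outputs section). If the entries in /var/log/messages were JSON rather than the fast.log format above, the source would instead be an `eve-log` output configured with `filetype: syslog`, and that is the block to change.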