The bug was in Snort's "-v" option, which should never be in use on a production sensor; in fact, 99.9999% of the time, -v is used for testing to make sure Snort is seeing packets. Snort should always be run in "-D" (daemon) mode using the -c (conf file) tag.



