Your pfSense settings appear to be correct, but be aware that syslog on FreeBSD can impose a size limit on each syslog record. I seem to recall it is 480 bytes. It's actually related to the maximum "safe size" of a UDP datagram when the MTU is not known. So, this means that potentially a large chunk of each EVE JSON record will be truncated when sent over syslog.
You will also need to be sure the Security Onion syslog daemon is configured to accept remote connections (including the port, which is normally 540) and that any firewall running on the Security Onion appliance has an appropriate pass rule enabled for the traffic.
Better to install a third-party log scraper package and export the text EVE JSON log to your Security Onion box. Unfortunately, there is no natively available pfSense package for that. You will need to carefully cobble something together independently. A Graylog client is popular these days for such a task.