79621666

Date: 2025-05-14 14:17:20
Score: 1.5
Natty:

Haha I love the STACKOVERFLOW Community.

So I'm not 100% sure what corrected it, but I did the below:

I created a log file in /var/log/snort.log and created a config file in the /etc/rsyslog.d directory. Within this config file I directed the traffic to /var/log/snort.log and, after some messing around, logs were appearing correctly.

I also removed the LOG_AUTH element and restarted rsyslog multiple times.

To double-check my understanding I removed this direction, and now the SNORT alerts are appearing within the default syslog file.

Hope this helps anyone else trying to learn something new.

Reasons:
  • Blacklisted phrase (1): STACKOVERFLOW
  • Whitelisted phrase (-1): Hope this helps
  • Long answer (-0.5):
  • No code block (0.5):
  • Self-answer (0.5):
  • Low reputation (1):
Posted by: Gaz