After you have chosen and configured severity levels for logging destinations, you should make sure you are receiving only necessary messages. In other words, don't choose a severity level that can produce an abundance of messages that will be ignored. Always keep in mind that a Syslog server must receive and archive every message sent to it. Storage space is at a premium, especially when logs continuously grow over time.
Here are rules of thumb to follow when choosing a severity level:
If only firewall error conditions should be recorded and no one will regularly view the message logs, choose severity level 3 (errors).
If you are primarily interested in seeing how traffic is being filtered by the firewall ...