
Syslog Severity Levels

getwithrob
Level 3

I'm looking for input on what would be the best severity level to configure all devices to log messages to a syslog server at. I was thinking setting all at severity level 4 or warnings would be best but I would hate to configure them all at that level and later wish I had set them at severity level 5 or notifications.

The customer doesn't want too many messages coming into the servers which I can understand but I don't want to miss anything. If I were to set the devices at severity level 4 or warnings, what kind of messages would I miss that might be of importance?

For example, config changes are logged at severity level 5. If I configure everything at severity level 4, I would miss these messages and the system wouldn't be able to do change auditing as thoroughly. The config would only get updated once/day as scheduled.

1 Reply

yjdabear
VIP Alumni

Surprisingly or not, some pretty critical alerts get sent as severity level 5 syslogs.
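
Added example, not part of either post above: one way to answer the question with data is to collect at a more verbose level for a while, then tally which `%FACILITY-SEVERITY-MNEMONIC` tags would disappear if the threshold were lowered from 5 to 4. The sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Cisco IOS message tag: %FACILITY-SEVERITY-MNEMONIC: (severity 0-7, lower = more severe)
TAG = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample lines, not captured from a real device.
SAMPLE = """\
Mar  1 10:00:01 rtr1 41: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Mar  1 10:00:02 rtr1 42: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Mar  1 10:02:10 rtr1 43: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]
Mar  1 10:03:30 rtr1 44: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
Mar  1 10:04:00 rtr1 45: %OSPF-5-ADJCHG: Process 1, Nbr 198.51.100.1 on GigabitEthernet0/2 from FULL to DOWN
Mar  1 10:09:12 rtr1 46: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (192.0.2.11)
Mar  1 10:09:13 rtr1 47: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 203.0.113.5 started
""".splitlines()


def dropped_at(lines, threshold):
    """Tally messages a device would NOT forward at the given severity threshold.

    A message is forwarded when its severity number is <= threshold, so
    threshold 4 (warnings) drops severities 5, 6 and 7.
    """
    dropped = Counter()
    for line in lines:
        m = TAG.search(line)
        if not m:
            continue  # not a Cisco-style tagged message
        facility, sev, mnemonic = m.group(1), int(m.group(2)), m.group(3)
        if sev > threshold:
            dropped[f"{facility}-{sev}-{mnemonic}"] += 1
    return dropped


def lost_by_lowering(lines, from_level, to_level):
    """Messages visible at from_level that disappear at to_level."""
    return dropped_at(lines, to_level) - dropped_at(lines, from_level)


if __name__ == "__main__":
    for tag, count in lost_by_lowering(SAMPLE, 5, 4).most_common():
        print(f"{count:4d}  {tag}")
```

Run against a real collection window, the output is the list to review with the customer before settling on level 4.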