I have noticed that if I have any firewall rules logged to the syslog, they are logged with a severity of “1” which is an alert. This fills our syslog with hundreds of urgent alert messages for any packets that match a firewall rule and pages our support techs (since the syslog server thinks there is a problem).
It seems that these syslog messages should be logged with a severity of “6” for informational only.
In addition, syslog messages from the AP when a client connects and disconnects are logged with a severity of “5” which is typically a “notice: normal but significant activity” message. Again, I think a simple connect and disconnect from an AP would be more of a “6” informational only message