Syslog testing
I want to do some testing with syslog and do some fine tuning of the logging. Which approach sounds more reasonable, collecting by facility or collecting by level/priority? For example:
auth.* /var/log/auth_messages
kern.* /var/log/kern_messages
daemon.* /var/log/daemon_messages
and so forth
OR
*.=alert /var/log/alert_messages
*.=err /var/log/error_messages
*.=warning /var/log/warning_messages
As always, for those that have "been there, done that" and have your horror stories or valuable insight to offer, I am all ears. :)
Responses