The minimum for syslog configurations should be to log (nearly) everything
I have some opinions on how the venerable Unix syslog should be set
up, but a very strong one of them is that (nearly) every syslog
message should be logged somewhere. I consider this a minimum
standard for vendor and distribution supplied
The 'nearly' is that although syslog priorities don't mean much
these days, I think a Unix is reasonably
justified in not syslog'ing the
debug priority for most facilities.
However, a stock
syslog.conf should definitely log each of the
syslog facilities supported by its syslog to somewhere.
This should also be something you preserve in any local versions or modifications to the standard syslog configuration. Unless you're extremely sure that a syslog facility will never ever be used, you should keep logging it somewhere. And if you're sure it will never be used, well, what's the harm in having it sent to a file that will always wind up being empty? This is especially the case if you're running third party software (whether commercial or open source), because programmers can have all sorts of clever ideas about what syslog facilities to use for what.
If you're extremely sure that you don't need to syslog a particular facility and so you leave it out, please put a comment in your syslog configuration file to explain this. A good goal to strive for in syslog configuration files (for you and for vendors) is to create one that convinces any sysadmin reading it (including your future self) that it covers everything that will ever be logged.
(My other syslog configuration opinions are for another entry.)
PS: Out of the Unixes we use, Ubuntu has a default configuration that clearly logs everything to either /var/log/syslog or /var/log/auth.log, while the stock OpenBSD configuration only covers a limited number of facilities. It's possible that OpenBSD covers every use of syslog in the base system (you'd certainly hope so), but if so I doubt it covers all uses of syslog in the packages collection.