Snare converts the binary Windows event log messages into syslog messages. I don't think the logging level (I assume you are referring to the syslog priority) is relevant to MARS. MARS sets the severity based on how it maps the event, and it doesn't consider the syslog priority AFAICT. So, you can set it to whatever you want. By default, it appears to be NOTICE.
The "Allow SNARE to automatically set file audit configuration" has nothing to do with this really. The Windows audit policy settings determine what events get logged, even to the local security event log. If an event isn't in the windows event log, it can't be sent by Snare. The audit policy settings in a domain (i.e. on a member server) are almost always done via Group Policy and Snare shouldn't be required to automatically set the configuration. That's more for standalone Windows servers.
See this link for a discussion on Windows audit policy (it's for 2000, but still relevant):
http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/localpol/w2kadm11.mspx