Something that’s been bugging me for an age was being able to easily filter out logging options for the ASA to a syslog server. Usually enabling the informational or debugging levels punts out huge amounts of data that can be a little tedious to sift through.
I tend to use SnmpSoft Syslog Watcher – this is a great free syslog server that works well. This is available HERE
Once it is installed, enable logging on the ASA. You may also want to set up NTP so that log timestamps are accurate.
By default you can enable logging to Syslog with the following command, where level is the severity level to send:
ASA5505(config)#logging trap level
What may be quicker, depending on specific requirements, is to log specific class events. A full list is available HERE
As an example, logging VPN-based events for quicker site-to-site troubleshooting can be done via the below (replacing the IP address with your appropriate Syslog server IP):
ASA5505(config)#logging host inside 192.168.10.250
ASA5505(config)#logging class vpn trap debugging
ASA5505#debug crypto isakmp
ASA5505#debug crypto ipsec
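A server-side check for the class filter above, as an added example that is not part of the original post: it parses the `%ASA-severity-ID` tag on each received line and tallies VPN versus other messages, so you can confirm what the ASA is actually sending. The function names are hypothetical, the sample lines are constructed, and the VPN ID prefixes are an assumption taken from Cisco's message class table, so check them against your software version.

```python
import re
from collections import Counter

# ASA syslog tag: %ASA-<severity 0-7>-<six-digit message ID>: <text>
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}):\s*(?P<text>.*)")

# Assumption: three-digit message ID prefixes Cisco lists for the "vpn" class.
VPN_PREFIXES = {"316", "320", "402", "404", "501", "602", "702", "713", "714", "715"}

SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

def parse(line):
    """Return severity, message ID and VPN-class flag, or None if no ASA tag."""
    m = ASA_MSG.search(line)
    if not m:
        return None
    return {"severity": int(m["sev"]), "id": m["id"],
            "vpn": m["id"][:3] in VPN_PREFIXES, "text": m["text"]}

def summarize(lines):
    """Count messages per (class, severity name); untagged lines are 'unparsed'."""
    counts = Counter()
    for line in lines:
        msg = parse(line)
        if msg is None:
            counts[("unparsed", "")] += 1
        else:
            cls = "vpn" if msg["vpn"] else "other"
            counts[(cls, SEVERITY[msg["severity"]])] += 1
    return counts

def vpn_only(lines, max_severity=7):
    """Keep VPN-class lines at or above the given importance (lower number = more severe)."""
    return [l for l in lines
            if (m := parse(l)) and m["vpn"] and m["severity"] <= max_severity]

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<166>Jan 10 2024 10:15:01 ASA5505 : %ASA-6-302013: Built outbound TCP connection (constructed)",
    "<165>Jan 10 2024 10:15:02 ASA5505 : %ASA-5-713041: IP = 203.0.113.10, IKE Initiator: New Phase 1 (constructed)",
    "<167>Jan 10 2024 10:15:02 ASA5505 : %ASA-7-715046: IP = 203.0.113.10, constructing payload (constructed)",
    "<163>Jan 10 2024 10:15:03 ASA5505 : %ASA-3-713902: IP = 203.0.113.10, peer error (constructed)",
    "<166>Jan 10 2024 10:15:04 ASA5505 : %ASA-6-602303: IPSEC: SA created (constructed)",
    "line without an ASA tag",
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(key, n)
```

If the tally still shows many "other" messages at informational or debugging, the general `logging trap level` setting is what is letting them through, not the class filter.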