Something that’s been bugging me for an age was being able to easily filter out logging options for the ASA to a syslog server. Usually enabling the information or debug options punts out huge amounts of data that can be a little tedious to sift through.

I tend to use SNMP Soft Syslog Watcher – this is a great free syslog server that works well. This is available HERE

Once installed enable logging for the ASA, you may also want to set up NTP to confirm log timestamps are accurate.

By default you can enable logging to Syslog with the following command – ASA5505(config)#logging trap level

What may be quicker depending on specific requirements is to log specific class events, a full list is available HERE

As an example, logging VPN based events for quicker site to site troubleshooting can be done via the below (replacing the IP address with your appropriate Syslog server IP: