We use our ASAs (5520 w/ 7.2.1 and 5540 w/ 7.0.5) as a firewall and as VPN concentrator for LAN2LAN and mobile VPN. The access from these VPN networks to any other network is controlled by access-lists. We have the need to know who (source IP) is accessing which target and service. By using an access-list similar to this:

    extended permit ip any object-group vpn_networks log not int 5
    extended permit object-group vpn_networks any log not int 5
    extended permit ip any any log disabled

and using this access-list with the access-group for outgoing traffic we would be able to see some traffic. We will not be able to identify the traffic into the Internet (since it's NATed --> source IP has been changed) and will also not see blocked traffic. We have to deny the traffic in the access-lists of the group-policies since we make use of downloadable ACLs from the RADIUS server.
Any ideas how to increase the logging? The logs are sent to our syslog server.
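On the syslog side, the two message types that together answer "which real source hit which target and service" are the per-ACE hit logs (%ASA-6-106100, produced by the `log` keyword on an ACE) and the dynamic translation logs (%ASA-6-305011), which record the real-to-mapped address pair that the NATed traffic log alone hides. The following is an added example parser and correlator written for this post, not something from Cisco or from the original poster; the syslog lines it works on are constructed samples in the documented 106100/305011 formats, and the interface names, addresses and ACL names in them are assumptions. It maps the translated source in an outbound ACL log back to the real VPN client address using the preceding translation log, and keeps `denied` entries visible in the same table.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# %ASA-6-106100: access-list <acl> permitted|denied|est-allowed <proto>
#   <src_if>/<src>(<sport>) -> <dst_if>/<dst>(<dport>) hit-cnt <n> ...
ACL_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<sif>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# %ASA-6-305011: Built dynamic|static <PROTO> translation from
#   <real_if>:<real>/<rport> to <mapped_if>:<mapped>/<mport>
NAT_RE = re.compile(
    r"%ASA-\d-305011: Built (?:dynamic|static) (?P<proto>\S+) translation from "
    r"(?P<rif>[^:]+):(?P<real>[^/]+)/(?P<rport>\d+) to "
    r"(?P<mif>[^:]+):(?P<mapped>[^/]+)/(?P<mport>\d+)"
)

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_LINES = [
    # A VPN client is translated before leaving towards the Internet.
    "%ASA-6-305011: Built dynamic TCP translation from inside:10.10.20.5/49152 "
    "to outside:203.0.113.7/1024",
    # The outbound ACL only ever sees the mapped address.
    "%ASA-6-106100: access-list outside_access_out permitted tcp "
    "outside/203.0.113.7(1024) -> outside/198.51.100.3(443) hit-cnt 1 first hit "
    "[0x1b2c3d4e, 0x0]",
    # A deny logged from a VPN group-policy ACL; no NAT is involved here.
    "%ASA-6-106100: access-list vpn_policy denied tcp "
    "outside/192.168.50.12(51000) -> inside/10.10.30.9(445) hit-cnt 1 first hit "
    "[0x0, 0x0]",
]


def parse_acl_log(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a 106100 ACL hit message, or None."""
    m = ACL_RE.search(line)
    return m.groupdict() if m else None


def parse_nat_log(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a 305011 translation-built message, or None."""
    m = NAT_RE.search(line)
    return m.groupdict() if m else None


def correlate(lines: List[str]) -> List[Dict[str, str]]:
    """Walk the log in order; remember translations, then resolve ACL hits.

    The mapped (proto, ip, port) tuple from each 305011 is kept so that a
    later 106100 whose source is that mapped tuple can be attributed to the
    real (pre-NAT) address. Lines that are neither message type are ignored.
    """
    translations: Dict[tuple, tuple] = {}
    records: List[Dict[str, str]] = []
    for line in lines:
        nat = parse_nat_log(line)
        if nat:
            key = (nat["proto"].lower(), nat["mapped"], nat["mport"])
            translations[key] = (nat["real"], nat["rport"])
            continue
        hit = parse_acl_log(line)
        if not hit:
            continue
        real = translations.get((hit["proto"].lower(), hit["src"], hit["sport"]))
        records.append({
            "acl": hit["acl"],
            "action": hit["action"],
            "proto": hit["proto"],
            "real_src": real[0] if real else hit["src"],   # falls back to logged src
            "dst": hit["dst"],
            "dport": hit["dport"],
            "hits": hit["hits"],
        })
    return records


def summarize(records: List[Dict[str, str]]) -> Counter:
    """Count hits per (real source, destination, service, action)."""
    totals: Counter = Counter()
    for r in records:
        totals[(r["real_src"], r["dst"], r["proto"] + "/" + r["dport"], r["action"])] += int(r["hits"])
    return totals


if __name__ == "__main__":
    for key, n in summarize(correlate(SAMPLE_LINES)).items():
        print(f"{key[0]:>15} -> {key[1]:>15} {key[2]:<10} {key[3]:<9} hits={n}")
```

The correlation is only as good as the translation logs it has seen, so 305011 (and, for completeness, 305012 teardown) must be sent at a level your syslog configuration actually forwards; if they are suppressed, `real_src` silently falls back to the mapped address, which is the same blind spot the post describes.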