Cisco ASA appliances produce syslog event messages based on the following format.

%ASA-Level-Message_number: Message_text

• %ASA is a preset string identifier denoting the start of an event log line.
• Level: This is the event severity number, which complies with the syslog severity level format.

* ASA devices do not generate level 0 syslog messages.

• Message_number: Message number is the log id of the specific message. It is a 6-digit number where the first 3 digits are based on the event class (auth,sys,session etc.) and the last 3 are based on the specific event that falls under the previous class.
• Message_text: Message text is a string sentence that provides additional event information in human readable form. The string’s structure is based on the associated message_number (log id).

For a complete list of possible message numbers, their respective message text and further explanation of the it, refer to Cisco Syslog Messages Guide.