Set up the ASA to send its logs to Splunk. They'll probably be in syslog format, so you'll want to stand up a syslog server for that (consider using the Splunk Connect for Syslog app), although in a lab environment you can get away with sending syslog directly to your indexer.

Once you have the data indexed, run simple searches to see what you have. Start with something like this to find the ASA events.

    index=foo "ASA"

Look at the events and modify the search to exclude events you don't care about or to show only the events you do care about (like "allow" and "block"). Repeat the process until you've found what you want.

Have a look in Splunkbase (apps.splunk.com) to see if any of the apps there can help you shorten this process.
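One way to take the narrowing step described in the answer above further, as an added example that is not part of the original post: summarise the indexed ASA events by message ID so you can see which event types exist before deciding what to exclude. The index name `foo` is the post's placeholder; the `asa_*` field names are made up for this example, and mapping the ASA wording "Deny"/"denied" to "block" and "Built"/"permitted" to "allow" is an assumption to check against your own events.

```spl
index=foo "%ASA-"
| rex "%ASA-(?<asa_severity>\d)-(?<asa_msg_id>\d{6}):\s+(?<asa_text>.*)"
| eval asa_action=case(
    match(asa_text, "(?i)^deny\s"), "block",
    match(asa_text, "(?i)\sdenied\s"), "block",
    match(asa_text, "(?i)^built\s"), "allow",
    match(asa_text, "(?i)\spermitted\s"), "allow",
    true(), "other")
| stats count, latest(_time) AS last_seen, first(asa_text) AS sample BY asa_msg_id, asa_severity, asa_action
| convert ctime(last_seen)
| sort - count
```

Each result row is one ASA message ID with its count and a sample event, so the high-volume IDs you don't care about can be excluded with `NOT` terms in the base search, and the "other" rows show which message types the allow/block mapping does not yet cover.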