When viewing the log messages on the ASA in the buffer or real time view you can right click and select Show rule. It should show you the rule that generated the syslog entry. On our ASA ver 8.0 we've benn making changes our Sec Admin asked for and now when I try that feature is replies only syslog servers with message Id 106023 and 106023 can display the rule. The last change we made was to change syslog messages to use Local4 facility code. did that mess us up?