The ASA has an IPS module that may help you with what you want. I'm not aware of any device that will log when a keylogger is installed because that type of activity, local to the workstation, would be restricted by antivirus software. Anything traversing the network, i.e. buffer overflows, DoS attacks, MITM attacks, etc, can be seen with an IPS.
HTH,
John
HTH,
John
*** Please rate all useful posts ***