You can add the log statement in specific access-list line and define the log level.
Command reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a3.html#wp1067755
[no] access-list id [line line-num] {deny | permit} icmp {source_addr source_mask} |
interface if_name | object-group network_obj_grp_id {destination_addr | remote_addr} {destination_mask | remote_mask} | interface if_name | object-group network_obj_grp_id [icmp_type | object-group icmp_type_obj_grp_id] [log [[disable | default] | [level]]] [interval secs]]
Enable syslog or other logging options:
For local logging buffer without syslog use:
logging on
logg buffer warning
# Enables logging in to PIX memory buffer use < show logg > to see the output.
For syslog setup use:
Note you need to install a syslog server somewhere in your network. Free syslog tolls can be KIWI Syslog deamon or 3COMDeamon.
logg on
logging trap warning
logg host YourIPAddress
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a9.html#wp1028090
sincerely
Patrick