Hi,
As I see it there are three ways in which you can go about doing this:
1. To setup a syslog server for the ASA and log all the traffic and filter the vpn traffic at the syslog server.
2. If that seems like a logging overhead then you can choose to log certain syslog IDs that would provide you the required VPN information.
3. If the extended authentication for the users is not being done locally(on the ASA) then then logging can be enabled on the authentication technology that is used (eg Active Directory Logging etc.)
Considering you want to do the second method I would suggest you go through the syslog messages and select the ones that you would prefer logging.
The follwing is the link to the syslog message directory on the 8.x versions. This should help you narrow down the IDs you would want to log.
Do take into account there are specific IDs for each type of VPN (eg WEBVPN, IPSec etc).
http://tools.cisco.com/squish/fd4E4
The following link is the syslog configuration document that may also come in handy.
http://tools.cisco.com/squish/8c878
Let me know if you have more questions.
Regards,
Sindhuja