Hi,
There are many syslogs that you can use to granularly monitor your ASA. Here are few syslog IDs that you can try and search more in the link mentioned below:
1. Group policy modified:502111,502112, 718046
2. User account modified,enabled,disabled 501101,502101,502102,502103
3. VPN user added,deleted and modified-- i think this would be same as number 2.
4. VPN user logon and logoff activity-- 716039,716055,719020,719023,721016,721018,
For more details you can refee :
http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logmsgs2.html
Hope it helps!!!
Thanks,
R.Seth
Mark the answer as correct if it helps in resolving your query!!!