I've always been taught the pass rules are more efficient, simply because on a correct match the entire traffic stream is ignored.
To quote support: You can create pass rules to prevent packets that meet criteria defined in the pass rule from trigger...
Hi,
It's likely you will use OpenSSH in your environment - most Linux-based appliances use it, if you ever SSH to a switch or something there's a good chance :)
If the only traffic on port 22 is SFTP it certainly seems the likely cause.
Signature state...
Any pruning will be done on the backend via logrotate and you can find the limits in /etc/logrotate.d when you SSH to the appliance.
Though ... I've found some things that should probably be logrotated have not been, such as the /var/log/secure log.
...
It's my experience that you shouldn't mess with appliances; if it's not supported in the documentation I wouldn't try it without Cisco providing some instructions.