Cisco ASA: a very expensive machine that generates syslogs at line rate, and occasionally lets you firewall and do site-to-site VPNs


Really, you absolutely NEED to turn off logging for messages 302013, 302014, and 302016 (unless you're in the unenviable position of having to debug TCP/UDP connection setup).

Otherwise, it logs *every* connection setup and teardown, and it's very easy to miss the VPN logs you really want.

Speaking of logs... Splunk is great for historical log search, but the exact WRONG tool to do real-time debugging because I can't scroll the log in anywhere near real-time. So I had to send a copy of the ASA logs to an actual syslog machine.
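As an added example (not from the original post): a small filter for the syslog machine that drops those three message IDs from a live stream and counts what it discarded, for when the ASA is still sending them. The function names and sample log lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Message IDs the post says to silence (per-connection setup/teardown records).
NOISY_IDS = frozenset({"302013", "302014", "302016"})

# ASA syslog tag: %ASA-<severity>-<6-digit message id>:
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):")


def noisy_id(line, noisy=NOISY_IDS):
    """Return the message ID if the line is connection noise, else None."""
    m = ASA_TAG.search(line)
    return m.group(2) if m and m.group(2) in noisy else None


def filter_asa(lines, noisy=NOISY_IDS):
    """Return (kept_lines, Counter of dropped IDs). Untagged lines are kept."""
    kept, dropped = [], Counter()
    for line in lines:
        msg_id = noisy_id(line, noisy)
        if msg_id:
            dropped[msg_id] += 1
        else:
            kept.append(line)
    return kept, dropped


# Constructed sample lines (addresses are from documentation ranges).
SAMPLE = [
    "Jan 10 12:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/443 to inside:10.0.0.5/51515",
    "Jan 10 12:00:02 fw1 %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/443 to inside:10.0.0.5/51515",
    "Jan 10 12:00:03 fw1 %ASA-5-713120: Group = 198.51.100.20, IP = 198.51.100.20, PHASE 2 COMPLETED",
    "Jan 10 12:00:04 fw1 %ASA-6-302016: Teardown UDP connection 1002 for outside:203.0.113.53/53 to inside:10.0.0.5/40000",
    "Jan 10 12:00:05 fw1 %ASA-6-302014: Teardown TCP connection 1003 for outside:203.0.113.11/80 to inside:10.0.0.6/51600",
    "Jan 10 12:00:06 loghost syslogd: restart",
]

if __name__ == "__main__":
    if sys.stdin.isatty():          # no pipe: demonstrate on the sample
        kept, dropped = filter_asa(SAMPLE)
        print("\n".join(kept))
        print("dropped:", dict(dropped), file=sys.stderr)
    else:                           # piped: stream line by line in real time
        for line in sys.stdin:
            if not noisy_id(line):
                sys.stdout.write(line)
                sys.stdout.flush()
```

Pipe a followed log file into the script on the syslog machine to watch only the remaining messages as they arrive.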

