Can't you just setup the level of syslog messages you want sent to Orion on the ASA's like this:
logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem] logging trap severity_level logging facility number
Choose what severity level based on the following:
If that's not granular enough you can use logging list:
Use the message list in order to include only the interested syslog messages by severity level and ID into a group, then associate this message list with the desired destination.
Complete these steps in order to configure a message list.
Enter the logging list message_list | level severity_level [class message_class] command in order to create a message list that includes messages with a specified severity level or message list.
Enter the logging list message_list message syslog_id-syslog_id2 command in order to add additional messages to the message list just created.
Enter the logging destination message_list command in order to specify the destination of the message list created.
Issue these commands in order to create a message list, which includes all the severity 2 (critical) messages with the addition of message 611101 to 611323, and also have them sent to the console:
I would think it would be easier to limit the messages sent to NPM at the source then trying to do at NPM.
logging list my_critical_messages level 2 logging list my_critical_messages message 611101-611323 logging console my_critical_messages