Hello Aretha
When it comes to contexts and Syslog, each context can be considered a different “device”. In other words, if you configure syslog on the admin context, then syslog will only operate within the confines of that specific context. It is not possible to channel all of your syslogs for all the contexts of the physical device out of a single context like the admin context. In other words, there is no native method of causing an ASA to collect or send a single stream of syslog messages for the whole device.
That’s one of the fundamental reasons for contexts, to create a completely separate virtual device with its own ports, its own security policies, and its own configuration. It will literally function as a separate device. More on contexts can be found here:
Now, having said that, it is possible to set up something called a syslog proxy. This is not specific to ASAs and contexts, but it is a possible solution for what you are asking for.
A syslog proxy or relay will collect log messages via the network and forward them to one or more remote syslog servers after processing them, but without storing them locally. A relay can also filter and rate limit syslogs before sending them to the syslog server as well.
I don’t believe that the ASA has any such configuration option, of a syslog proxy or relay. However, you can use third party devices/software to do this. In addition, Cisco Security Manager has an option for configuring a relay. More on that can be found here:
I hope this has been helpful!
Laz