I do not believe asm will log (or can even be configured to log) all the violation/attack signature details to /var/log/asm. If there is an option to enable this I have never seen it. You could open case with F5 support to see if it's possible. However, logging detailed violation information with syslog is not a good idea. Too much performance overhead. Beginning with v11.6.0 asm does not log any security violation events [SECEV] to /var/log/asm by default and that is the recommended best practice. See SOL16053.
This is best handled by creating remote logging profile in the ASM config: Security>Event Logs>Logging Profiles. Send illegal requests to your Splunk server.