Logging accept/closed/block
Hi,
Does anyone have some input relating to logs and what to log? Coming from a different vendor, I am fairly used to the basic accept/drop, and if I need more than that I will do a packet capture.
I see in my FortiAnalyzer that I get tons of "closed" and sometimes can't see "accepts".
Are there some issues with logging the accepts? Is it related to the "start logging when session begins" option? And does this behave differently on different types of FortiGates? I can't wrap my head around it.
I would like to have a global option set so all sessions that I enable logging on will show me either block or accept, and just have the whole "closed" stuff removed.
