FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ManishKhatri
Staff
Article Id 423944
Description: This article explains why only a small number of UTM logs might be generated for the configured security profiles in an air-gapped environment, and how to verify that the FortiGate signature databases are current.
Scope: FortiGate.
Solution

UTM logs are generated only when traffic matches a signature or pattern in the relevant database (antivirus, IPS, application control, and so on). If the traffic passing through the firewall matches no signature, no UTM log is written; a low log count is therefore not by itself a logging fault.

To test whether IPS signatures are being matched correctly, follow the article Technical Tip: No IPS logs are being generated.

In an air-gapped environment, FortiGate devices cannot reach FortiGuard directly and instead receive signature database updates from FortiManager, which acts as the local update server.

First verify whether the signature databases are up to date with the following command:


    FGT # diagnose autoupdate versions


If the last update date is old, as in the following excerpt (only the Application Definitions section of the output is shown):

    Application Definitions
    ---------
    Version: 6.00741 signed       <-- Old application signature database version.
    Contract Expiry Date: Sun May 9 2027
    Last Updated using manual update on Tue Dec 1 02:30:00 2015  <-- The last update date is very old.
    Last Update Attempt: n/a
    Result: Updates Installed

then FortiGate can match only the signatures and patterns contained in that old database. Newer threats pass unmatched, so fewer UTM logs are generated; the log volume reflects the age of the database rather than a logging problem.

The latest version of each security service database, along with release notes describing what changed, is published on the FortiGuard website (https://www.fortiguard.com). Compare it with the version reported by the command above.

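As an added check (example script written for this article, not part of the original article or of FortiOS), the following Python parses saved output of diagnose autoupdate versions and lists every database whose last successful update is older than a threshold, so a fleet of air-gapped FortiGates can be audited from collected command output. SAMPLE_OUTPUT is constructed in the layout of the excerpt above and is not a capture from a real device; the section names other than Application Definitions, the 'scheduled update' wording and the 7-day threshold are assumptions.

```python
"""Flag stale FortiGuard databases from `diagnose autoupdate versions` output."""
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of `diagnose autoupdate versions` output
# (three sections only; not a capture from a real device).
SAMPLE_OUTPUT = """\
AV Engine
---------
Version: 6.00040 signed
Contract Expiry Date: Sun May 9 2027
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

Application Definitions
---------
Version: 6.00741 signed
Contract Expiry Date: Sun May 9 2027
Last Updated using manual update on Tue Dec 1 02:30:00 2015
Last Update Attempt: n/a
Result: Updates Installed

IPS Attack Engine
---------
Version: 7.00386 signed
Contract Expiry Date: Sun May 9 2027
Last Updated using scheduled update on Mon Jun 2 02:30:00 2025
Last Update Attempt: Mon Jun 2 02:30:00 2025
Result: Updates Installed
"""

# The timestamp is printed in ctime() layout, e.g. "Tue Dec  1 02:30:00 2015".
_DATE_FMT = "%a %b %d %H:%M:%S %Y"
_LAST_UPDATED = re.compile(r"^Last Updated using (.+?) on (.+)$")


def parse_versions(output):
    """Return {database name: {"version", "method", "last_updated"}}.

    Sections are separated by blank lines; each starts with the database
    name followed by a dashed underline. Fields a section lacks are None.
    """
    dbs = {}
    for block in re.split(r"\n[ \t]*\n", output.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2 or not re.fullmatch(r"-+", lines[1]):
            continue  # not a "Name / ---------" section header
        info = {"version": None, "method": None, "last_updated": None}
        for line in lines[2:]:
            if line.startswith("Version:"):
                parts = line.split(":", 1)[1].split()  # "6.00741 signed" -> "6.00741"
                info["version"] = parts[0] if parts else None
                continue
            m = _LAST_UPDATED.match(line)  # skips "Last Update Attempt: ..."
            if m:
                info["method"] = m.group(1)
                stamp = re.sub(r"\s+", " ", m.group(2))  # collapse "Dec  1" padding
                info["last_updated"] = datetime.strptime(stamp, _DATE_FMT)
        dbs[lines[0]] = info
    return dbs


def stale_databases(output, now=None, max_age_days=7):
    """Names of databases whose last successful update is older than
    max_age_days, or that report no successful update at all.

    `now` may be a datetime or an ISO-8601 string and defaults to the
    current time. The 7-day default is an assumed threshold: choose a value
    matching how often FortiManager is expected to receive new packages.
    """
    if now is None:
        now = datetime.now()
    elif isinstance(now, str):
        now = datetime.fromisoformat(now)
    limit = timedelta(days=max_age_days)
    return [name for name, info in parse_versions(output).items()
            if info["last_updated"] is None or now - info["last_updated"] > limit]


if __name__ == "__main__":
    versions = parse_versions(SAMPLE_OUTPUT)
    for name in stale_databases(SAMPLE_OUTPUT, now="2025-06-03"):
        info = versions[name]
        print(f"STALE: {name} {info['version']} last updated "
              f"{info['last_updated']} via {info['method']}")
```

Run it against a file collected from each device (for example, the output of the command captured over SSH); a database listed as stale on a FortiManager-managed FortiGate points at the FortiManager side of the update path, which the remaining steps below check.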

Verify that the central-management configuration on the FortiGate is correct:

    config system central-management
        set type fortimanager
        set fmg "x.x.x.x"                      <-- IP address or FQDN of the FortiManager.
        set include-default-servers enable     <-- Also includes the public FortiGuard servers in the update-server list, after FortiManager. In a fully isolated network this can be set to disable so that only FortiManager is used.
    end


If the FortiGate configuration is correct, make sure the following is done on FortiManager:

  1. Enable 'FortiGate Updates' under System Settings -> Network -> Service Access on the interface the FortiGate connects to; without it, FortiManager will not serve update packages to the FortiGate.
  2. Go to FortiGuard -> Package Management -> Service Status and confirm that there are no pending updates for the FortiGate in question. Until the packages are pushed from here, the FortiGate keeps reporting the old database version seen in the earlier output.
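The same checks from the CLI, as an added example session that is not part of the original article: the commands are standard FortiOS and FortiManager commands, the FortiManager interface name port1 is assumed, and command output is omitted.

```text
FortiGate side: confirm the FortiManager settings, force an update and watch the update daemon

FGT # get system central-management              <-- type must be fortimanager, fmg must point to the FortiManager
FGT # diagnose fdsm central-mgmt-status           <-- management tunnel to FortiManager must be up
FGT # diagnose autoupdate status                  <-- shows which update server the FortiGate will contact
FGT # diagnose debug application update -1        <-- enable update daemon debug
FGT # diagnose debug enable
FGT # execute update-now                          <-- force an update attempt; the debug shows the server contacted and the result
FGT # diagnose debug disable
FGT # diagnose debug reset
FGT # diagnose autoupdate versions                <-- 'Last Updated' should now show a recent date

FortiManager side: CLI equivalent of enabling 'FortiGate Updates' service access on the interface facing the FortiGate (port1 is an assumed name)

FMG # config system interface
    edit "port1"
        set serviceaccess fgtupdates
    next
end
```

If the debug output shows the FortiGate contacting FortiManager but the database version does not change, the packages are still pending on FortiManager (step 2 above); if the FortiGate never contacts FortiManager, recheck the central-management configuration and the management tunnel first.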