Being new to the FortiGates, I probably have a misunderstanding on the log settings within the firewall policy. In the FortiManager, we have certain lines set to "Log All Sessions" that we are particular interested in, with the majority set to either "Log Violation Traffic" (for blocks) or "Log Security Events", and it's set this way with the intent of somewhat restricting logs that are being sent to our SIEM. We have to pay for extra log data, so we'd like to trim out what isn't needed.
After troubleshooting today, I believe this affects what's presented in the Log & Report > Forward Traffic. There were no results for a lline configured with "Log Security Events", but there was after this was changed to "Log All Sessions."
Is it typical practice to set every line in the Firewall Policy to "Log All Sessions." I understand there is a logging level configured in the syslog configuration, but does the logging level in the firewall policy affect what goes out via syslog?