A couple of things:
1) Depending on the type of policy layer, if "Connection Logging" is not set for the rule matching the traffic, each individual connection will not get its own log every time. A series of related connections will be "rolled up" into a single log entry by Session Logging, with only a counter being incremented in the existing log for additional related connections. Note that Threat Prevention has its own separate log suppression mechanism. For more information about all this, see here: Max Gander: The Hidden World of Log Generation and Log Suppression at Check Point
2) It is possible that you have an indexer database issue that is keeping you from seeing the proper logs in searches, but they do actually exist in the raw log files on the SMS/Log Server, if you look directly at them without indexing. This problematic behavior became much less likely when the log indexer mechanism was reworked around R81 or so. Try disabling indexing on your SMS/Log Server, but only do this to confirm that an indexer issue is present, as doing this will make log searching very slow.
Alternatively, you can try opening the current fw.log file directly from the Logs & Monitor tab of SmartConsole to verify that the logs are really there. To do this, select the "hamburger" menu on the far right and then select File...Open Log File.
Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
