We are expecting if someone performs PBR-related changes should be captured in the audit log, the routing changes are captured but PBR changes are missing so if I'm not mistaken PBR related configuration changes should be captured?

Herewith I have shared my lab output..

I 

The audit logs in SmartConsole will only show changes made via SmartConsole or the API. 
For OS-level changes like routing, the better place to look is /var/log/messages.

This is distributed architecture. The customer wants to feed routing changes, PBR related changes to the SIEM solution. So please recommend the best way to achieve this requirement. We already using log exporter to export security and audit logs to SIEM solution. But the customer is now concern about routing and PBR related changes should be captured by SIEM.

@User-checkpoint 

Changing PBR is a configuration change done on the gateways.

To get this in your SIEM solution you have to export audit logs from your gateway to your SIEM or you can send these logs to your management.

Wolfgang

@Wolfgang mentioned configuration already in place. but behaviour is same

@User-checkpoint 

did you set a remote system logging server? This should be your SIEM or a syslog server which is forwarding these audit logs to SIEM.

Wolfgang

@Wolfgang This is distributed architecture, the gateway is forwarding to SMS, and SMS will forward to SIEM solution via cp log exporter, where we cannot see PBR changes even in SMS. So I need to know how to pass PBR related changelogs to the SIEM solution

You can configure the Gaia OS to directly send its syslog message elsewhere (e.g. your SIEM solution).

@PhoneBoy  if I integrate gateway to SIEM via syslog messages, the concern is SIEM already integrated with SMS, will security logs be duplicated in SIEM solution? 

Gaia OS logs and Security Logs are entirely separate things unless you've checked the "Send syslog messages to management server" option as shown above, which is not the default.
Even so, if Gaia OS logs are sent to management, they may not be parsed in the most useful way, particularly if they are then sent to your SIEM. 
Highly recommend exporting those logs to your SIEM separately.

So this is very new to me and my team, below are the concerns, if we use a remote system logging mechanism to pass to the SIEM solution

1. which Syslog level needs to be configured to get configuration changes, login failure

2. Do we have any SK regarding Syslog field information since manual field indexing is required which manual procedure

I believe this is a common audit/SIEM integration use case when it comes to BFSI segmentation (If I'm not mistaken, PCIDSS required to capture configuration changes in SIEM)

I would review the messages you are interested in to determine the correct logging level as I do not know them offhand.
The only document I'm aware of that describes Gaia Syslog messages is: https://downloads.checkpoint.com/dc/download.htm?ID=24459