This is for a lab environment only. Saving logs locally is hard on the CPU.
set security policies from-zone trust to-zone untrust policy DENYALL match source-address any
set security policies from-zone trust to-zone untrust policy DENYALL match destination-address any
set security policies from-zone trust to-zone untrust policy DENYALL match application any
set security policies from-zone trust to-zone untrust policy DENYALL then deny
set security policies from-zone trust to-zone untrust policy DENYALL then log session-init
set security log mode event
set system syslog file Denied-Traffic any any
set system syslog file Denied-Traffic match RT_FLOW_SESSION_DENY
set system syslog file Denied-Traffic archive size 1000k
set system syslog file Denied-Traffic archive files 10
set system syslog file Denied-Traffic archive world-readable
To view the log:
show log Denied-Traffic
To watch it live:
monitor start Denied-Traffic
By privilege15
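Once denies are landing in Denied-Traffic, a short script can total them per source and per destination service. This is an added example, not part of the original post: it assumes the unstructured syslog layout of RT_FLOW_SESSION_DENY (source/port->destination/port, service, protocol, policy, zones), and the sample lines and the names parse_denies and summarize are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (RFC 5737 addresses). Assumed layout: Junos
# unstructured syslog. Fields after the zone names vary by release and are ignored.
SAMPLE_LOG = """\
Mar  3 10:00:00 srx-lab newsyslog[1234]: logfile turned over due to size>1000K
Mar  3 10:15:01 srx-lab RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.10/51514->198.51.100.7/23 junos-telnet 6(0) DENYALL trust untrust
Mar  3 10:15:02 srx-lab RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.10/51515->198.51.100.7/23 junos-telnet 6(0) DENYALL trust untrust
Mar  3 10:15:09 srx-lab RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.22/40000->203.0.113.5/53 0x0 junos-dns-udp 17(0) DENYALL trust untrust UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 No policy deny
Mar  3 10:15:30 srx-lab RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.10/1->203.0.113.5/1 icmp 1(8) DENYALL trust untrust
"""

DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>[0-9A-Fa-f.:]+)/(?P<sport>\d+)->(?P<dst>[0-9A-Fa-f.:]+)/(?P<dport>\d+) "
    r"(?:0x[0-9A-Fa-f]+ )?"  # optional connection tag seen in some releases (assumption)
    r"(?P<service>\S+) (?P<proto>\d+)\((?P<icmp_type>\d+)\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

def parse_denies(text):
    """Return one dict per RT_FLOW_SESSION_DENY line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            ev = m.groupdict()
            for key in ("sport", "dport", "proto", "icmp_type"):
                ev[key] = int(ev[key])
            events.append(ev)
    return events

def summarize(events, top=3):
    """Count denies per source host and per (destination, protocol, port)."""
    sources = Counter(e["src"] for e in events)
    targets = Counter((e["dst"], e["proto"], e["dport"]) for e in events)
    return {"sources": sources.most_common(top), "targets": targets.most_common(top)}

if __name__ == "__main__":
    report = summarize(parse_denies(SAMPLE_LOG))
    for src, n in report["sources"]:
        print(f"{n:5d} denies from {src}")
    for (dst, proto, dport), n in report["targets"]:
        print(f"{n:5d} denies to {dst} proto {proto} port {dport}")
```

To run it against real data, copy the Denied-Traffic file off the device and pass its contents to parse_denies in place of SAMPLE_LOG.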